GDPR Compliance

Last updated: 2026-01-22

Our Commitment to Data Protection

YourWay CRM is fully committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679. As a CRM platform handling personal data, we understand our responsibilities as both a data controller and a data processor.

This page outlines how we ensure GDPR compliance and how we help our customers meet their own GDPR obligations.

Our Role Under GDPR

Data Controller

We act as a data controller for your account information and our relationship with you as a customer.

Data Processor

We act as a data processor for the customer data you store and manage through our CRM platform.

Data Processing Activities

We process personal data for the following purposes:

  • Service Delivery: To provide and maintain our CRM platform
  • Account Management: To manage your account and subscription
  • Communication: To send service-related notifications and updates
  • Payment Processing: To process subscription payments
  • Support: To respond to your inquiries and provide assistance
  • Improvement: To analyze usage and improve our services

Sub-Processors

We use the following third-party service providers (sub-processors) to help deliver our services:

Provider Purpose Location
Stripe Payment processing EU/US (DPF certified)
Cloud Hosting Provider Infrastructure and data storage EU
Email Service Provider Transactional emails EU

All our sub-processors are contractually bound to process data only as instructed and maintain appropriate security measures.

Security Measures

We implement comprehensive technical and organizational measures to protect personal data:

Technical Measures

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Regular security audits
  • Automated vulnerability scanning
  • Multi-factor authentication

Organizational Measures

  • Employee data protection training
  • Access control policies
  • Incident response procedures
  • Regular security reviews
  • Confidentiality agreements

Data Breach Notification

In the event of a personal data breach, we commit to:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of a breach (when required)
  • Notify affected customers without undue delay
  • Provide all necessary information about the breach and remediation steps
  • Document all breaches and our response actions

International Data Transfers

When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with EU adequacy decisions
  • Standard Contractual Clauses: EU-approved SCCs for other transfers
  • Data Privacy Framework: For US transfers to DPF-certified organizations
  • Supplementary Measures: Additional technical safeguards where needed

Your Rights Under GDPR

As a data subject, you have the following rights:

1

Right of Access (Article 15)

Request a copy of your personal data and information about how it's processed.

2

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

3

Right to Erasure (Article 17)

Request deletion of your personal data under certain circumstances.

4

Right to Restrict Processing (Article 18)

Request limitation of processing in certain situations.

5

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format.

6

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

For Our Customers (Data Controllers)

If you use YourWay CRM to manage your customers' data, you are a data controller under GDPR. We help you meet your obligations by:

  • Providing a Data Processing Agreement (DPA) upon request
  • Enabling data export in standard formats
  • Supporting data deletion requests
  • Maintaining appropriate security measures
  • Providing audit and compliance documentation

Data Protection Officer

For data protection inquiries, you can contact our Data Protection team:

Data Protection Contact

Email: privacy@yourwaycrm.com

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

Hellenic Data Protection Authority (HDPA)

1-3 Kifissias Avenue, 115 23 Athens, Greece

Phone: +30 210 6475600

Email: contact@dpa.gr

Website: www.dpa.gr

Contact Us

For any questions about our GDPR compliance or to exercise your rights:

General Support: support@yourwaycrm.com

Data Protection: privacy@yourwaycrm.com