GDPR Compliance

Effective Date: September 1, 2025
Last Updated: September 1, 2025
Version 1.0

Last Updated: January 2025

Our GDPR Commitment

WhyTheHighBill.com is committed to compliance with the General Data Protection Regulation (GDPR) for our European Union users.

Lawful Basis for Processing

We process personal data under the following legal bases:

  • Newsletter subscriptions
  • Marketing communications
  • Optional data collection

Legitimate Interests

  • Service improvements
  • Security and fraud prevention
  • Anonymous analytics

Contract Performance

  • Account creation and management
  • Service delivery
  • Customer support

Your Rights Under GDPR

1. Right to Access

Request a copy of your personal data we hold.

2. Right to Rectification

Correct inaccurate or incomplete data.

3. Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data.

4. Right to Restrict Processing

Limit how we use your data.

5. Right to Data Portability

Receive your data in a machine-readable format.

6. Right to Object

Object to certain types of processing.

We do not use fully automated decision-making that produces legal effects.

How to Exercise Your Rights

Email: gdpr@whythehighbill.com

Include:

  • Your full name
  • Email address associated with your account
  • Specific right(s) you wish to exercise
  • Any relevant details

We will respond within 30 days.

Data Protection Officer

While not required, we have designated a privacy officer:

Contact: dpo@whythehighbill.com

International Data Transfers

Data may be transferred to the United States. We ensure appropriate safeguards:

  • Standard Contractual Clauses
  • Adequate security measures
  • Limited access controls

Data Retention

We retain data only as long as necessary:

  • Active accounts: Duration of service
  • Inactive accounts: 2 years
  • Legal obligations: As required by law
  • Marketing: Until opt-out

Children's Data

We do not knowingly collect data from children under 16 in the EU.

Cookies

See our Cookie Policy for detailed information. We obtain consent for non-essential cookies.

Data Breach Notification

In case of a breach:

  • User notification within 72 hours (if high risk)
  • Supervisory authority notification
  • Documentation of all breaches

Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority.

Updates

This GDPR compliance statement may be updated. Check the "Last Updated" date.

Contact

For GDPR-related inquiries:

Email: gdpr@whythehighbill.com
Mail: WhyTheHighBill.com GDPR Compliance
c/o Hackney Enterprises Inc.
[Address]

WhyTheHighBill.com respects your privacy rights under GDPR and is committed to protecting your personal data.