GDPR Compliance Statement

1. Introduction

Cora ("Company", "we", "our", or "us") is committed to protecting personal data and complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This document outlines how we ensure compliance with GDPR when processing personal data.

2. Data Controller

Cora acts as the Data Controller for personal data collected through https://cora.space/.

3. Principles of Data Processing

We adhere to the following GDPR principles:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

4. Legal Basis for Processing

We process personal data only when we have a lawful basis, including:

• Consent (Article 6(1)(a))
• Contractual necessity (Article 6(1)(b))
• Legal obligation (Article 6(1)(c))
• Legitimate interests (Article 6(1)(f))

5. Data Subject Rights

Under GDPR, individuals have the following rights:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure ("right to be forgotten") (Article 17)
• Right to restrict processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time

Requests can be submitted using the contact details below.

6. Data Collection and Use

We collect and process personal data only for specified, explicit, and legitimate purposes, including:

• Providing services
• Communicating with users
• Improving our Website and services

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, unless otherwise required by law.

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption where appropriate
• Access controls
• Secure data storage practices

9. Data Sharing and Transfers

We may share personal data with trusted service providers. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission

10. Data Breach Notification

In the event of a personal data breach, we will notify relevant authorities within 72 hours where required and inform affected individuals when necessary.

11. Data Protection Officer (DPO)

If required, we appoint a Data Protection Officer responsible for overseeing GDPR compliance.

12. Contact Information

If you have questions about this GDPR Compliance Statement or wish to exercise your rights, please contact us:

• Website: https://cora.space/
• Email: [email protected]