GDPR Compliance Policy

This GDPR Compliance Policy explains how GoMyid and GoMyit collect, process, store, and protect personal data in accordance with the European Union General Data Protection Regulation (GDPR) and other internationally recognized privacy frameworks. We are deeply committed to protecting personal information, ensuring full transparency, and giving every user complete control over their data. The purpose of this document is to clearly outline user rights, legal obligations, and the safeguards applied across our software platform and infrastructure.

1. Our Commitment to GDPR

We fully adhere to GDPR principles, including lawfulness, fairness, transparency, data minimization, accuracy, integrity, confidentiality, and accountability. Our approach integrates privacy-by-design and privacy-by-default to ensure that user information is never exposed unnecessarily, processed unlawfully, or retained longer than required.

GDPR compliance is not just a legal obligation for us—it is a core operational philosophy. Every feature, backend system, and remote access component is designed to meet or exceed the highest international privacy standards.

2. Scope of the Policy

This policy applies to all personal data processed in connection with our:

  • Software applications (GoMyid / GoMyit)
  • Websites and user accounts
  • Remote access sessions
  • Technical logs and activity records
  • Support operations
  • Cloud-hosted and self-hosted environments

This policy applies worldwide to all users, regardless of nationality or location.

3. What Personal Data We Collect

We only collect the minimum information necessary to operate our services securely and effectively. Typical categories include:

  • Account Data: Name, email address, authentication credentials.
  • Device Information: Device name, OS version, technical specifications.
  • Connection Data: IP addresses, timestamps, session identifiers.
  • Usage Logs: Remote access actions, session duration, administrative activities.
  • Security Data: Encrypted tokens, access keys, hashed passwords.

We do not capture personal files, private messages, or user content unless explicitly shared for technical support purposes.

4. Lawful Basis for Processing

Processing activities are always conducted under at least one lawful basis defined in GDPR Article 6:

  • Consent: Provided explicitly when creating an account or enabling features.
  • Contractual Necessity: Required to deliver remote access and management services.
  • Legitimate Interest: Platform security, fraud prevention, service improvement.
  • Legal Obligation: When compelled to comply with relevant regulations or authorities.

5. User Rights Under GDPR

Every user has extensive GDPR rights, including:

  • Access: Obtain a copy of all personal data stored.
  • Rectification: Correct inaccurate or outdated information.
  • Erasure: Request permanent deletion of personal data.
  •  Restrict Processing: Limit how data is used in specific situations.
  • Data Portability: Receive data in a structured, machine-readable format.
  • Object: Object to certain processing activities.
  • Withdraw Consent: Immediately stop any consent-based processing.
  • Human Review: We do not make automated decisions without human involvement.

All requests are handled professionally and within GDPR-compliant response periods.

6. Data Minimization & Purpose Limitation

We strictly adhere to GDPR’s data minimization principle. This means we collect only what is required to perform the service, and nothing more. We never store unnecessary personal information, and no data is collected secretly or without prior knowledge.

7. Data Retention & Storage Practices

Personal data is retained only for as long as needed to:

  • Provide our remote access services
  • Maintain security logs and audit trails
  • Comply with contractual or legal obligations

Once the retention period ends, data is permanently deleted using secure industry-standard deletion methods.

8. Encryption & Security Measures

All personal data is protected with advanced security systems, including:

  • AES-256 encryption during data transmission
  • Encrypted databases for sensitive information
  • Secure password hashing (no plain-text passwords are ever stored)
  • Strict access control mechanisms with least privilege enforcement
  • Continuous monitoring for suspicious activities

Security updates and audits are performed regularly to ensure long-term protection of user data.

9. International Data Transfers

When data is transferred outside the EU, we rely on GDPR-compliant transfer mechanisms such as:

  • Standard Contractual Clauses (SCCs)
  • Approved security frameworks
  • Restricted access controls

We ensure that international transfers meet GDPR adequacy requirements.

10. Sharing of Personal Data

We do not sell or rent personal information—ever. Data is only shared when absolutely necessary, such as:

  • With hosting providers under strict data protection agreements
  • With legal authorities when required by law
  • Within an organization’s internal IT team (when authorized)

11. Data Breach Response Plan

Although breaches are unlikely, we maintain a comprehensive response protocol:

  • Immediate containment and isolation of the incident
  • Detailed forensic investigation
  • Notification to affected users “without undue delay”
  • Compliance with GDPR breach-reporting obligations
  • Implementation of corrective and preventive measures

12. Transparency & User Control

Users have full visibility and control over their personal data. We provide tools that allow users to:

  • Review stored personal information
  • Edit their details
  • Download their data
  • Request deletion
  • Terminate accounts

13. Responsibilities of Organizations Using Our Software

Companies using GoMyid / GoMyit must ensure:

  • Employees are informed about remote access policies
  • Data is processed lawfully within their organization
  • Compliance with GDPR when handling user information
  • Internal access is limited to authorized personnel

14. Final Statement

This GDPR Compliance Policy reflects our commitment to protecting user privacy, ensuring lawful data processing, and maintaining global best practices for personal data security. By using GoMyid / GoMyit, you acknowledge and agree to these principles and trust that your information is handled with the highest level of care.

Confirmation