GDPR Compliance
General Data Protection Regulation
GDPR Compliance Commitment
TuskCPA is fully committed to compliance with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. This comprehensive guide explains our GDPR compliance measures and your rights over your personal data.
1. Our GDPR Commitment
As a data processor and, in some cases, a data controller, we process personal data in accordance with GDPR requirements. We have implemented technical and organizational measures to ensure the security and protection of personal data processed through our platform.
2. Legal Basis for Processing
We process personal data under the following legal bases:
- Contract Performance: Processing necessary to provide our services to you
- Legitimate Interests: For analytics, fraud prevention, and service improvement
- Consent: For marketing communications and optional features
- Legal Obligation: To comply with applicable laws and regulations
3. Your GDPR Rights
Under GDPR, you have comprehensive rights regarding your personal data. We make exercising these rights simple and transparent. Here are your key rights and how to exercise them:
Right to Access
You have the right to request a copy of the personal data we hold about you.
How to exercise: Submit a request via email to tuskcpa@gmail.com or through your account settings.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
How to exercise: Update your information directly in your account settings or contact our support team.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data in certain circumstances.
How to exercise: Request account deletion through your account settings or contact tuskcpa@gmail.com.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
How to exercise: Request data export through your account settings (Settings → Privacy → Export Data).
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances.
How to exercise: Contact tuskcpa@gmail.com with your specific request.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
How to exercise: Opt out of marketing via email links or contact tuskcpa@gmail.com.
Response Time: We will respond to all valid requests within 30 days. In complex cases, we may extend this period by an additional 60 days and will inform you of the extension.
4. Data Protection Measures
We implement comprehensive technical and organizational measures to protect personal data, exceeding industry standards and GDPR requirements.
Technical Measures
Organizational Measures
5. Data Processing Agreements (DPA)
When you use TuskCPA to process personal data of your clients (data subjects), we act as a data processor on your behalf. We offer a Data Processing Agreement (DPA) that includes:
- Standard Contractual Clauses (SCCs) for international data transfers
- Detailed processing instructions and limitations
- Security measures and breach notification procedures
- Sub-processor information and approval mechanisms
- Data subject rights support
To request a DPA: Contact us at tuskcpa@gmail.com
6. International Data Transfers
We may transfer personal data outside the EEA to countries that do not provide an adequate level of data protection. When we do so, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): EU Commission-approved model contracts
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
- Binding Corporate Rules: For transfers within our corporate group
- Additional Safeguards: Supplementary measures beyond SCCs where necessary
7. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- We will notify affected individuals without undue delay if the breach poses a high risk
- We will document all breaches and our response measures
- We maintain an incident response plan to quickly contain and mitigate breaches
8. Data Retention
We retain personal data only for as long as necessary:
- Account Data: Duration of your account plus 90 days after deletion
- Transaction Records: 7 years for accounting and tax purposes
- Support Communications: 3 years
- Marketing Data: Until you unsubscribe or object
- Legal Claims: Duration of applicable statute of limitations
9. Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16 without parental consent, we will delete it immediately.
10. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.
EU Data Protection Authorities: Find your local authority
Irish Data Protection Commission: Our lead supervisory authority (as we process data in Ireland)
11. Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our GDPR compliance:
Email: tuskcpa@gmail.com
12. Updates to This Policy
We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated via email or platform notification.
13. How to Exercise Your Rights
Exercising your GDPR rights is simple and straightforward. We provide multiple ways to contact us and typically respond within 30 days.
Account Settings
Self-service options
Settings → Privacy
Our GDPR Commitment
We are committed to protecting your rights under GDPR and will work with you to address any concerns or requests promptly and transparently. Your privacy and data protection are our highest priorities.