GDPR Compliance

Last Updated: June 10, 2025

Introduction

At ImageMerger, we are committed to ensuring the privacy and protection of your personal data in accordance with the General Data Protection Regulation (GDPR) of the European Union. This page explains how we comply with GDPR principles and outlines your rights under this regulation.

The GDPR applies to all organizations operating within the EU and to organizations outside the EU which offer goods or services to individuals in the EU or monitor the behavior of individuals in the EU.

Our Commitment to GDPR Compliance

ImageMerger has implemented the following measures to ensure compliance with GDPR:

• Data Protection by Design and Default: Privacy and data protection are considered at every stage of our product development.
• Data Processing Inventory: We maintain a record of all personal data processing activities.
• Legal Basis for Processing: We ensure all personal data processing has a valid legal basis under GDPR.
• Consent Management: Where consent is the legal basis for processing, we ensure it is freely given, specific, informed, and unambiguous.
• Data Protection Impact Assessments: We conduct DPIAs for high-risk processing activities.
• Security Measures: We implement appropriate technical and organizational measures to protect personal data.
• Vendor Management: We ensure our data processors comply with GDPR requirements.
• Data Breach Procedures: We have procedures in place to detect, report, and investigate personal data breaches.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

1. Right to Be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information in our Privacy Policy.

2. Right of Access

You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.

3. Right to Rectification

You have the right to request that incomplete or inaccurate personal data we hold about you be corrected.

4. Right to Erasure (Right to Be Forgotten)

You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.

5. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

6. Right to Data Portability

You have the right to request the transfer of your personal data to another controller in a structured, commonly used, and machine-readable format.

7. Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

8. Rights in Relation to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the following methods:

• Email: dpo@mergeimage.com
• Online Form: Available on our contact page at mergeimage.com/contact
• Mail: ImageMerger Data Protection Officer, 123 Privacy Street, Tech City, 12345, USA

We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing questions in relation to this GDPR compliance statement and our privacy practices. If you have any questions about this statement, our privacy practices, or your rights under GDPR, please contact our DPO:

• Name: Jane Smith
• Email: dpo@mergeimage.com
• Phone: +1 (555) 123-4567

International Data Transfers

As a service based in the United States, we may transfer personal data from the EU to the US. For such transfers, we implement appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules
• Approved certification mechanisms and codes of conduct

Data Processing Activities

The following table outlines our main data processing activities:

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems
• Process for regularly testing, assessing, and evaluating the effectiveness of security measures
• Measures to restore access to personal data in the event of a physical or technical incident

Data Breach Notification

In the case of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected individuals without undue delay.

Supervisory Authority

If you are based in the European Union and believe that we are not complying with the GDPR, you have the right to lodge a complaint with your local supervisory authority. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

Changes to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or regulatory requirements. We will notify you of any material changes by posting the new statement on this page and updating the "Last Updated" date.

Contact Us

If you have any questions about our GDPR compliance or our data protection practices, please contact us:

• By email: dpo@mergeimage.com
• By visiting the contact page on our website: mergeimage.com/contact