GDPR & Your Rights

Your privacy matters. Exercise your data protection rights under GDPR.

Your Data Protection Rights

Under the General Data Protection Regulation (GDPR), you have important rights regarding your personal data. OnCalm.io is committed to helping you exercise these rights easily and transparently.

This page explains your rights and how to submit a request. All requests will be handled within the legally required timeframes (typically 30 days).

Your Rights Explained

1. Right to Access

You have the right to request a copy of the personal data we hold about you.

What you'll receive: A comprehensive report of all personal data we process about you, including how we obtained it, why we process it, who we share it with, and how long we keep it.

2. Right to Rectification

You have the right to correct inaccurate or incomplete personal data.

When to use: If your email, name, or other information is incorrect or outdated, you can request an update. You can also update most information directly in your account settings.

3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data.

When this applies: You can request deletion if the data is no longer necessary, you withdraw consent, you object to processing, or the data was unlawfully processed. Note: We may retain certain data to comply with legal obligations.

4. Right to Restriction of Processing

You have the right to request that we limit how we use your data.

When to use: If you contest the accuracy of data, object to processing, or need us to retain data for legal claims. We will only store the data and not process it further without your consent.

5. Right to Data Portability

You have the right to receive your data in a portable, machine-readable format.

What you'll receive: Your personal data in a structured format (typically JSON or CSV) that you can transfer to another service provider.

6. Right to Object

You have the right to object to certain types of processing, particularly for direct marketing.

When to use: You can object to processing based on legitimate interests or for marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

7. Right to Withdraw Consent

Where we rely on consent, you have the right to withdraw it at any time.

How to exercise: You can withdraw consent for marketing emails by clicking "unsubscribe" in any email, or adjust cookie preferences via our cookie settings. For other consent, use the form below.

8. Right to Lodge a Complaint

You have the right to file a complaint with your national data protection authority.

Before filing a complaint: We encourage you to contact us first so we can address your concerns. If you're not satisfied, you can contact your local supervisory authority.

Submit a Data Subject Request

Use the form below to exercise your GDPR rights. We will verify your identity before processing your request and respond within 30 days.

We'll use this email to verify your identity and respond to your request.

By submitting this form, you agree that we may process your personal data to verify your identity and fulfill your request. See our Privacy Policy for details.

Response Timeline

We are committed to processing your request promptly:

  • Standard Response: Within 30 days of receiving your verified request
  • Complex Requests: May be extended to 60 days (we will inform you if this is necessary)
  • Identity Verification: We may request additional information to verify your identity before processing
  • Free of Charge: First request is free; we may charge a reasonable fee for excessive or repetitive requests

Alternative Contact Methods

If you prefer not to use the online form, you can also submit your request via:

  • Email: info@oncalm.io
  • Subject Line: "GDPR Data Subject Request - [Your Request Type]"

Frequently Asked Questions

How do I verify my identity?

We will send a verification email to the address you provide. For certain requests (like data deletion), we may require additional verification to ensure we're protecting your data from unauthorized access.

Is there a fee for GDPR requests?

Your first request is free. We reserve the right to charge a reasonable fee for excessive, repetitive, or manifestly unfounded requests, as permitted by GDPR.

Can you delete all my data?

In most cases, yes. However, we may need to retain certain data to comply with legal obligations (e.g., financial records, legal claims) or for legitimate business purposes. We will explain any retention in our response.

What if I'm not satisfied with your response?

If you're not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority. You can find your authority here.

Can I make a request on behalf of someone else?

Yes, but you must provide proof of your authority to act on behalf of the data subject (e.g., power of attorney, parental consent for minors).

Learn More

For more information about how we process your data, please see: