Kruncher Logo
Log in

Privacy Policy

Read more about the Cookies Policy here

GDPR Compliance Policy

Policy Owner: Francesco De Liva
Effective Date: 3/2/2025

1. Application

This policy applies to all employees, contractors, and vendors while doing business with Kruncher Pte. Ltd. and others who have access to European Union (EU) and the European Economic Area (EEA) data subject information ("personal data") in connection with Kruncher Pte. Ltd.'s operating activities.

2. Policy

Kruncher Pte. Ltd. is committed to protecting the security, confidentiality, and privacy of its information resources, including EU and EEA personal data, in accordance with the requirements set forth in the General Data Protection Regulation (GDPR) - EU 2016/679.

Key Compliance Principles:

  • Personal data shall only be processed when there is a legal basis to do so.
  • Data shall be managed to ensure security, confidentiality, and privacy.
  • Data will be used only for authorized purposes.
  • All employees and contractors share the responsibility for safeguarding personal data.
When performing commercial activities in support of Kruncher Pte. Ltd. products and services that impact EU/EEA personal data, Kruncher Pte. Ltd. may engage in activities such as:
  • Storing, processing, transmitting, creating, or accessing personal data.
  • Ensuring compliance with GDPR requirements.
  • Implementing technical, physical, and administrative safeguards.
Read the GDPR Regulation

3. Roles and Responsibilities

Policy Adoption

Kruncher Pte. Ltd. will develop and adopt GDPR policies that include:
  • Safeguards to maintain security, confidentiality, and privacy of personal data.
  • Compliance measures to protect against unauthorized data usage.

Responsible Person

  • Francesco De Liva (info@kruncher.ai) has been assigned responsibility for overall GDPR compliance.

Data Protection Officer (DPO)

The Data Protection Officer (DPO) is responsible for overseeing GDPR compliance, including:
  • Monitoring Kruncher Pte. Ltd.'s internal GDPR compliance.
  • Providing guidance on data protection matters.
  • Keeping stakeholders informed about GDPR updates.
  • Ensuring compliance with data processing activities.
  • Acting as a contact point for regulatory authorities.
Data Protection Officer:
Francesco De Liva (info@kruncher.ai)

4. Article 27 Local Representative

For entities operating outside the EU, a local representative must be appointed. This representative will:
  • Serve as a contact point for GDPR-related inquiries.
  • Ensure compliance with EU data protection regulations.
EU Representative: Prighter Group Name: iuro Rechtsanwälte GmbH managing the legal relationship for all Prighter Group entities centrally. Address: Schellinggasse 3, 1010 Vienna, Austria Company Representative: Andreas Maetzler, CEO, support@prighter.com

5. Implementation

Data Protection Measures

  • Personal data must have a legal basis for processing.
  • Access to personal data is strictly controlled.
  • Storage & Transmission: Personal data must be encrypted when stored or transmitted.
  • Disposal: Paper records must be shredded, and electronic media securely wiped.
  • Awareness Training: Employees handling personal data will receive GDPR compliance training.

Data Processing Record (Article 30 GDPR)

Kruncher Pte. Ltd. maintains records including:
  • Data categories, processing purposes, and recipients.
  • Data transfer details to third countries.
  • Retention periods and security measures.

6. Breach Notification

In the event of unauthorized data access or disclosure, affected parties will be notified as per GDPR requirements. Read GDPR Article 32 on Security Measures
Read GDPR Article 49 on Data Transfers

7. Data Subject Access Requests (DSAR)

Under GDPR, data subjects have the right to:
  • Access their personal data.
  • Rectify incorrect information.
  • Erase data ("Right to be Forgotten").
  • Restrict processing of their data.
  • Object to processing (withdraw consent).
  • Request data portability.

Submitting a DSAR Request

Processing Requests

  • DSARs will be acknowledged within 3 business days.
  • Kruncher Pte. Ltd. will respond within 1 month.
  • If an extension is needed, users will be informed.

Kruncher Pte. Ltd. as the Data Controller

  • Collects and manages personal data as required by GDPR.
  • Keeps records of where data is stored.
  • Maintains a Data Protection Register.

Kruncher Pte. Ltd. as the Data Processor

  • Provides customers access to data via APIs or user interfaces.
  • Follows instructions from the data controller.
  • Maintains a record of data requests.

8. SAR Exemptions & Limits

  • Legal Exemptions: Certain information may be withheld under Article 23 GDPR.
  • Administrative Costs: If additional copies of data are requested, a reasonable processing fee may be charged.
  • Compelled Disclosure: In case of court orders, subpoenas, or government investigations, Kruncher Pte. Ltd. may disclose data.

9. Compelled Disclosure

If Kruncher Pte. Ltd. is legally required to disclose data:
  • The CEO & Data Protection Officer will be notified.
  • Customers may be informed, unless legally prohibited.
  • Only relevant data will be shared in compliance with the law.

10. Enforcement

Responsible Officers:
  • CEO, CTO, and CPO are responsible for policy enforcement.
Employee Obligations:
  • Employees must report GDPR violations to info@kruncher.ai.
  • Non-compliance may result in disciplinary action.
Reporting Violations:
  • All suspected policy violations must be reported.
  • No retaliation will be taken against employees who report in good faith.

11. Version History

VersionDateDescriptionAuthorApproved By
1.13/2/2025Second version of policyFrancesco De LivaEugene Kim

Contact Information

For questions regarding this policy, please contact:
📧 info@kruncher.ai