GDPR Compliance

How Kuviq helps you comply with the General Data Protection Regulation (GDPR) and other data protection requirements.

Overview

GDPR is a European Union regulation that governs how personal data must be handled. Kuviq provides features and tools to help you meet these requirements.

Key GDPR Principles

Principle            | Description
Lawfulness           | Process data with legal basis
Purpose Limitation   | Only use data for specified purposes
Data Minimization    | Collect only necessary data
Accuracy             | Keep data accurate and up-to-date
Storage Limitation   | Don't keep data longer than needed
Integrity & Security | Protect data from unauthorized access
Accountability       | Demonstrate compliance

Personal Data in Kuviq

What Constitutes Personal Data

Data that identifies individuals:

  • User accounts - Names, emails, phone numbers
  • Inspection records - Who performed inspections
  • Audit logs - Activity records with user details
  • Signatures - Digital signatures on inspections
  • Photos - If they contain identifiable individuals

Data Categories

Category       | Examples                  | Retention
Account Data   | Email, name, role         | Until account deleted
Activity Data  | Logins, actions           | Per retention policy
Content Data   | Inspections, notes        | Configurable
Technical Data | IP addresses, device info | Limited period

Your Rights Under GDPR

Right of Access

Users can request their data:

  1. For users:

    • Go to Profile > Privacy
    • Click Download My Data
    • Receive data export
  2. For admins:

    • Go to Settings > Privacy
    • Select user
    • Generate data export

Right to Rectification

Correct inaccurate data:

  1. Personal information:

    • Edit user profile
    • Update contact details
    • Correct name spelling
  2. Inspection data:

    • Edit inspection (if permitted)
    • Add corrections
    • Document reason for changes

Right to Erasure

Request data deletion:

  1. Self-service:

    • Profile > Privacy
    • Request Account Deletion
    • Confirm request
  2. Admin-initiated:

    • Settings > Users
    • Select user
    • Delete User Data

Right to Portability

Export data in standard format:

  1. Go to Profile > Privacy
  2. Click Export My Data
  3. Choose format (JSON, CSV)
  4. Download package

Right to Restriction

Limit how data is processed:

  1. Contact administrator
  2. Request processing restriction
  3. Admin applies restriction
  4. Limited operations allowed

Admin Tools for GDPR

Data Subject Requests

Handle user requests:

  1. Receive request

    • Through any channel
    • Document receipt
  2. Verify identity

    • Confirm requester identity
    • Document verification
  3. Process request

    • Access, export, or delete
    • Within 30 days
  4. Document response

    • Record action taken
    • Maintain audit trail

Track user consent:

  1. Record consent

    • When obtained
    • What for
    • How given
  2. Consent preferences

    • Users set preferences
    • Respect choices
  3. Withdrawal

    • Easy to withdraw
    • Stop processing

Data Retention Settings

Configure retention periods:

  1. Go to Settings > Privacy > Data Retention
  2. Set retention for each data type
  3. Enable automatic deletion
  4. Document policy

Data Processing

Data Processing Agreement (DPA)

Kuviq acts as a data processor:

  • You are the data controller
  • Kuviq processes data on your behalf
  • DPA available for download
  • Required for GDPR compliance

Getting the DPA

  1. Go to Settings > Legal > Documents
  2. Download DPA
  3. Review and sign
  4. Upload signed copy
  5. Or contact support

Sub-processors

Third parties that process data:

Service       | Purpose          | Location
Cloud Hosting | Infrastructure   | EU/US
Email Service | Notifications    | US
Analytics     | Usage analysis   | EU
Support       | Customer service | EU

Full list available in Settings > Privacy > Sub-processors

Security Measures

Technical Measures

Data protection technology:

Measure               | Implementation
Encryption in Transit | TLS 1.3 for all connections
Encryption at Rest    | AES-256 for stored data
Access Controls       | Role-based permissions
Authentication        | 2FA available
Audit Logging         | All actions recorded

Organizational Measures

Security practices:

  • Regular security training
  • Access reviews
  • Incident response plan
  • Security policies
  • Vendor assessments

Data Deletion

Deleting User Data

To delete a user's data:

  1. Go to Settings > Users
  2. Find the user
  3. Click Delete User
  4. Choose deletion options:
    • Keep inspection records (anonymize)
    • Delete all records
  5. Confirm deletion

What Gets Deleted

Data Type          | Standard Deletion | Full Deletion
User Profile       | Yes               | Yes
Login History      | Yes               | Yes
Inspection Records | Anonymized        | Deleted
Audit Logs         | Anonymized        | Anonymized*
Photos with User   | Retained          | Deleted

*Audit logs may be retained anonymized for compliance

Deletion Timeline

  • Request received: Same day confirmation
  • Verification: Within 24 hours
  • Deletion processed: Within 30 days
  • Backups purged: Within 90 days

Data Export

Personal Data Export

Export includes:

  • Account information
  • Login history
  • Activity records
  • Inspection data (where identifiable)
  • Preferences and settings

Export Format

Standard format includes:

    {
      "user": {
        "email": "user@example.com",
        "name": "John Doe",
        "created": "2024-01-15",
        "role": "Manager"
      },
      "activity": [
        {
          "date": "2024-01-20",
          "action": "Login",
          "details": "..."
        }
      ],
      "inspections": [
        {
          "id": "INS-001",
          "date": "2024-01-20",
          "item": "Fire Extinguisher"
        }
      ]
    }

Privacy Settings

Organization Settings

Configure privacy:

  1. Settings > Privacy

    • Data retention periods
    • Auto-deletion policies
    • Consent requirements
  2. Cookie Settings

    • Essential only
    • Analytics (optional)
    • Marketing (optional)

User Privacy Controls

Each user can:

  • View their data
  • Export their data
  • Request deletion
  • Manage preferences
  • Control notifications

Breach Notification

What Is a Breach

A security incident involving personal data:

  • Unauthorized access
  • Data theft
  • Accidental disclosure
  • Data loss

Notification Requirements

GDPR requires:

  1. Authority notification: Within 72 hours
  2. User notification: Without undue delay (if high risk)

Kuviq Support

If a breach occurs:

  1. Kuviq notifies you immediately
  2. Provides incident details
  3. Supports investigation
  4. Assists with notifications

Reporting a Suspected Breach

If you suspect a breach:

  1. Contact security@kuviq.io immediately
  2. Provide details
  3. Don't share sensitive info via unsecured channels

Documentation

Required Records

Maintain documentation of:

  • Data processing activities
  • Legal basis for processing
  • Data subject requests
  • Consent records
  • Security measures

Kuviq Provides

  • Processing activity records
  • Data subject request logs
  • Audit trails
  • Security documentation
  • Sub-processor list

Compliance Checklist

For New Organizations

  • Review and sign DPA
  • Configure privacy settings
  • Set data retention periods
  • Train administrators
  • Document legal basis
  • Implement consent processes

Ongoing Compliance

  • Regular access reviews
  • Handle data requests promptly
  • Monitor for breaches
  • Update retention settings
  • Review sub-processors
  • Annual compliance review

Resources

Documentation

  • Data Processing Agreement
  • Privacy Policy
  • Sub-processor List
  • Security Whitepaper
