
GDPR Compliance

General Data Protection Regulation (GDPR) Information

ReferXchange is committed to protecting your privacy and complying with GDPR requirements for EU residents.

Your Rights Under GDPR

If you are a resident of the European Union, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of any inaccurate personal data.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

You can request that we limit how we use your personal data.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to certain types of processing of your personal data.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to fulfill our services to you
  • Consent: You have given explicit consent for specific purposes
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Legal Obligation: Processing required by law

Data We Collect

Data Type           | Purpose                         | Legal Basis         | Retention Period
Email Address       | Account creation, communication | Contract            | Until account deletion
Phone Number        | Account verification            | Legitimate Interest | Until account deletion
Payment Information | Process transactions            | Contract            | 7 years (tax requirements)
Task Data           | Service provision               | Contract            | 90 days after completion
IP Address          | Security, fraud prevention      | Legitimate Interest | 30 days

Data Protection Measures

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Regular security audits
  • Access controls and authentication
  • Employee training on data protection
  • Data breach notification procedures

Third-Party Data Sharing

We share data with third parties only when necessary:

  • Stripe: Payment processing (PCI compliant)
  • Twilio: SMS verification (ISO 27001 certified)
  • Google Analytics: Website analytics (if enabled)

All third parties are GDPR compliant and act as data processors.

International Data Transfers

Your data may be transferred outside the EU. We ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Privacy Shield certification (where applicable)

Exercising Your Rights

To exercise any of your GDPR rights:

  1. Contact us at admin@referxchange.com
  2. Provide proof of identity
  3. Specify which right(s) you wish to exercise
  4. We will respond within 30 days

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer:

  • Email: dpo@
  • Subject Line: "GDPR Request"

Complaints

If you're not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority:

Updates to This Policy

We may update this GDPR information from time to time. Significant changes will be communicated via email.

Last updated: April 18, 2026