GDPR Compliance

Last updated: February 2026

Sustalium takes the General Data Protection Regulation (GDPR) seriously. We are committed to protecting your privacy and giving you control over your personal data.

Our GDPR Commitments

• Lawful Basis: We only process data when we have a valid legal basis (consent, contract, legitimate interest, or legal obligation)
• Data Minimization: We only collect data that is necessary for our services
• Transparency: We clearly explain what data we collect and how we use it
• User Rights: We honor all GDPR rights including access, rectification, erasure, and portability
• Security: We implement appropriate technical and organizational measures to protect data
• Data Retention: We only keep data as long as necessary

Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct any inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time

Data Protection Officer

Sustalium B.V. has a designated Data Protection Officer (DPO) who you can contact for any GDPR-related concerns.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us through our contact page. We will respond within 30 days as required by GDPR.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements.