Get started

Menu

Legal

GDPR Rights

Last updated: April 27, 2026  ·  Effective date: January 1, 2025

This page summarises your rights under the EU General Data Protection Regulation (GDPR) and the UK GDPR, and explains how to exercise them with Baaed FREE SEO Suite. For our complete data-handling practices, see our Privacy Policy.

1. Who This Applies To

The GDPR protects natural persons (not companies) located in the European Economic Area (EEA). The UK GDPR mirrors these rights for residents of the United Kingdom. Many of the rights below are also extended to residents of other regions through equivalent local laws (CPRA in California, LGPD in Brazil, PIPEDA in Canada, etc.); see our Privacy Policy for details.

2. Who the Data Controller Is

The data controller responsible for your personal data is:

Your Company

Privacy contact: info@baaed.com

3. EU Representative (Article 27)

Current position. Baaed FREE SEO Suite is operated from the United States and at this time has not appointed a representative in the European Union under GDPR Article 27. We provide the Service primarily to a global audience and we are not currently established in the EU within the meaning of Recital 22 of the GDPR. Where Article 27 applies, the obligation is on the controller; we have therefore taken the following measures so EU and EEA data subjects can exercise their rights effectively:

  • Direct contact with our privacy team at info@baaed.com, with a published response time of one calendar month (Section 7).
  • Plain-English description of every right and how to exercise it (Sections 4 and 6).
  • A direct path to lodge complaints with the supervisory authority of your country of habitual residence (Section 10).

If we engage an EU-established representative service in the future, or if a competent supervisory authority instructs us to appoint one, this section will be updated within a reasonable time and the representative's full contact details will be published here. EU and EEA data subjects retain all of their GDPR rights and may exercise them by contacting us directly at info@baaed.com — we treat such requests with the same priority as if a representative were in place.

Note for EU/EEA data subjects: The absence of an Article 27 representative does not in any way limit your rights under the GDPR or the UK GDPR. We commit to handling your requests in good faith, free of charge (subject to Section 9), and within the statutory response window.

4. Your Eight Rights at a Glance

RightWhat it meansGDPR article
Be informedTo be told, in plain language, what personal data we collect and how we use it.Arts. 13 & 14
AccessTo get a copy of the personal data we hold about you, and confirmation that we are processing it.Art. 15
RectificationTo have inaccurate personal data corrected and incomplete data completed.Art. 16
Erasure ("right to be forgotten")To have your personal data deleted in certain circumstances (e.g. you withdraw consent and there is no other legal basis).Art. 17
Restriction of processingTo have us pause processing while a dispute is resolved (e.g. you contest accuracy).Art. 18
Data portabilityTo receive your data in a structured, commonly-used, machine-readable format and to transmit it to another controller.Art. 20
ObjectTo object to processing based on legitimate interests, including direct marketing (which you can object to absolutely, at any time).Art. 21
Not be subject to automated decision-makingTo not be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects.Art. 22

You also have the right to withdraw consent at any time, where processing is based on consent (Art. 7(3)). Withdrawing consent does not affect the lawfulness of processing carried out before you withdrew it.

We process personal data on one of the following legal bases. For full details see Section 4 of our Privacy Policy.

  • Contract (Art. 6(1)(b)) — to provide the service you have asked for.
  • Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, aggregate analytics.
  • Consent (Art. 6(1)(a)) — non-essential cookies, marketing emails.
  • Legal obligation (Art. 6(1)(c)) — tax records, legal process.

6. How to Exercise Your Rights

To exercise any of the rights above, send an email to info@baaed.com with the subject line "GDPR Request — [type of request]". Please include:

  • The right you wish to exercise (access, deletion, rectification, etc.).
  • The email address associated with your account.
  • Enough information for us to verify your identity (see Section 8).
  • If applicable, the specific data or processing your request relates to.

You can also exercise the right of access and erasure directly from your account dashboard, where signed in.

7. Our Response Times

We will respond to a verified request within one calendar month (Art. 12(3) GDPR). For complex or numerous requests we may extend this period by a further two months and will notify you of the extension and its reasons within the first month.

8. Identity Verification

To protect your data we need to be reasonably certain we are dealing with you. We will normally verify your identity by sending a confirmation email to the address on file. For sensitive requests (e.g. erasure of an account containing payment history) we may ask for additional verification — for example, confirming a recent transaction reference. We will only ask for what is necessary to verify identity (Art. 12(6)).

9. Fees

Exercising your rights is free. We may charge a reasonable administrative fee, or refuse to act, only where a request is manifestly unfounded or excessive (in particular, repetitive). We will explain any such decision and your right to challenge it.

10. Right to Lodge a Complaint

If you believe we have mishandled your personal data, please contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with your national data-protection authority. Examples:

11. International Data Transfers

Some of our service providers (and our hosting infrastructure) are based outside the EEA, primarily in the United States. Where we transfer personal data outside the EEA/UK we rely on appropriate safeguards under Chapter V of the GDPR, including:

  • Standard Contractual Clauses (Commission Decision 2021/914) with our processors.
  • EU–US Data Privacy Framework certification, where the recipient is enrolled.
  • Adequacy decisions for transfers to countries the European Commission has deemed to provide adequate protection.

You can request a copy of the safeguard relied on for any specific transfer by contacting us.

12. Data Breach Notification

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Art. 33 GDPR). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Art. 34 GDPR).

13. Contact

For all GDPR enquiries:

Your Company — Privacy Team

Email: info@baaed.com