GDPR Compliance Statement

1. Our Commitment

Visit Three is fully committed to complying with the General Data Protection Regulation (GDPR) and providing our users in the European Economic Area (EEA) and globally with privacy rights and robust data protection standards.

2. Data Controller and Processor

For the core services provided through our developer platform, Visit Three acts as the Data Controller for your account information (like name and email). When processing API requests containing personal data on behalf of our users, we act as a Data Processor.

3. Your Data Rights

Under the GDPR, you have several rights regarding your personal data:

• Right to Access: You can request a copy of your personal data.
• Right to Rectification: You can request that we correct any inaccurate data.
• Right to Erasure (Right to be Forgotten): You can request the deletion of your account and personal data.
• Right to Data Portability: You can request your data in a structured, commonly used machine-readable format.

4. Data Breaches

In the unlikely event of a data breach, Visit Three has a swift incident response plan in place. We will notify the applicable regulatory authorities and affected users within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

5. Contact Us

For any questions regarding our GDPR compliance, data processing agreements (DPAs), or to exercise your rights, please contact our Data Protection Officer at privacy@visithree.com.