# GDPR ilert is subject to European data protection law as a German company and has implemented comprehensive measures to protect personal data. ## Data Processing Role ilert acts as a **Data Processor** under Art. 28 GDPR when processing customer data. ilert acts as a Data Controller only in limited circumstances (billing, account management, fraud prevention, compliance with legal obligations). ## Data Processing Agreement ilert provides a standard [Data Processing Agreement](/trust-center/legal/data-processing-agreement.md) compliant with Art. 28(3) and (4) GDPR, covering: * Categories of data subjects and personal data processed * Purpose and duration of processing * Technical and organizational measures (Annex III — see [Security Controls](/trust-center/security/security-controls.md)) * Sub-processor management and notification procedures * Data breach notification obligations * Audit rights ## Data Protection Officer ilert has appointed an external Data Protection Officer: * **secjur GmbH**, Steinhöft 9, 20459 Hamburg * Phone: +49 40 228 599 520 * Email: ## Data Subject Rights ilert supports customers in fulfilling data subject requests including access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). ## Data Location All customer data is stored and processed within the EU. See [Data Hosting & Residency](/trust-center/infrastructure/data-hosting-and-residency.md) for details. ## Data Breach Notification In the event of a personal data breach, ilert notifies affected customers without undue delay and assists in fulfilling obligations under Articles 33 and 34 GDPR. ## Data Deletion See [Security Controls — Deletion of Customer Data](/trust-center/security/security-controls.md#deletion-of-customer-data) for retention and deletion timelines. ## Sub-processor Management See [Sub-processor List](/trust-center/legal/subprocessors.md). Customers receive 30 days' prior written notice of any new or replacement sub-processor, with the right to object. ## Privacy Policies * [Privacy Policy — Website](/trust-center/legal/privacy-policy-website.md) * [Privacy Policy — ilert Platform](/trust-center/legal/privacy-policy-platform.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ilert.com/trust-center/compliance/gdpr.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.