GDPR Compliance
Last updated: January 6, 2025
Your Rights Under GDPR
The General Data Protection Regulation (GDPR) provides individuals in the European Union and European Economic Area with comprehensive rights regarding their personal data. As a data subject, you have the fundamental right to control how your personal information is collected, processed, and used by organizations. Moccet LLC is committed to upholding these rights and ensuring that you can exercise them easily and effectively.
Under GDPR, you have the right to access your personal data and obtain information about how we process it. You can request rectification of any inaccurate or incomplete data we hold about you. You have the right to erasure, commonly known as the "right to be forgotten," allowing you to request deletion of your personal data under certain circumstances. Additionally, you can restrict processing of your data, object to specific processing activities, and receive your data in a portable, machine-readable format to transfer to another service provider.
Your Specific Rights Include:
- Right of Access: Obtain confirmation and copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion under specific circumstances
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
Legal Basis for Processing
We process personal data only when we have a valid legal basis under GDPR. Our processing activities are carefully evaluated to ensure they fall within one of the six lawful bases defined by the regulation. We maintain detailed records of our processing activities and the legal basis for each, ensuring transparency and accountability in our data handling practices.
For most of our core services, we rely on contractual necessity as our legal basis. This means processing is necessary to fulfill our contractual obligations to you when you use our platform. We also process data based on legitimate interests, carefully balancing our business needs with your rights and freedoms. Where required, we obtain your explicit consent, particularly for marketing communications and certain cookie uses. Additionally, we may process data to comply with legal obligations imposed by applicable laws and regulations.
We regularly review our legal bases to ensure they remain appropriate and valid. If we change the legal basis for processing your data, we will inform you and ensure the new basis is legitimate. You have the right to challenge our reliance on legitimate interests and request that we cease processing your data on this basis.
Data Processing Activities
Our data processing activities are designed to provide you with excellent service while maintaining the highest standards of privacy protection. We process various categories of personal data, each for specific, legitimate purposes. We maintain comprehensive records of all processing activities in accordance with Article 30 of the GDPR, documenting what data we process, why we process it, how long we keep it, and with whom we share it.
Identity and contact data, including your name, email address, and phone number, are processed to create and manage your account, communicate with you about our services, and provide customer support. Technical data such as IP addresses, browser information, and device details help us ensure platform security, prevent fraud, and optimize your user experience. We process usage data to understand how you interact with our platform, enabling us to improve our services and develop new features that meet your needs.
Project-related data, including briefs, communications, and deliverables, is processed to facilitate collaboration between clients and talent on our platform. Financial data is processed securely to handle payments, maintain transaction records, and comply with tax and accounting requirements. We implement strict access controls and data minimization principles to ensure that only necessary data is processed for each specific purpose.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, plus any additional period required by law or for the establishment, exercise, or defense of legal claims. Our retention periods are carefully determined based on the nature of the data, the purposes of processing, and applicable legal requirements. We have implemented automated systems to ensure data is deleted or anonymized when retention periods expire.
Account data is retained for the duration of your active use of our services. When you request account deletion, we retain certain information for an additional 30 days to allow for account recovery before permanent deletion. Project-related data and financial records are retained for seven years after project completion to comply with tax, accounting, and contractual obligations. Communication records are kept for three years to support customer service and resolve any disputes that may arise.
Technical and security logs are retained for two years to enable security investigations and protect against fraudulent activity. Marketing preferences and consent records are maintained until you withdraw consent, plus an additional period to evidence that we have respected your withdrawal. We regularly review and update our retention schedules to ensure they remain appropriate and compliant with evolving legal requirements.
International Transfers
As a global platform, Moccet LLC may need to transfer your personal data outside the European Economic Area (EEA) to provide our services effectively. We understand the importance of maintaining equivalent protection for your data regardless of where it is processed. Therefore, we have implemented comprehensive safeguards to ensure that all international transfers comply with GDPR requirements and that your data receives the same level of protection as it would within the EEA.
When transferring data to countries not recognized by the European Commission as providing adequate protection, we rely on appropriate safeguards. These include Standard Contractual Clauses (SCCs) approved by the European Commission, which create binding obligations on the data recipient to protect your information. We also utilize additional technical and organizational measures to enhance protection, such as encryption, access controls, and regular security assessments of our international partners and service providers.
You have the right to obtain information about the safeguards we use for international transfers of your data. We maintain detailed records of all international transfers, including the countries involved, the safeguards applied, and the purposes of the transfer. If you have concerns about international transfers of your data, please contact our Data Protection Officer who can provide more detailed information about the specific safeguards in place for your data.
Data Protection Officer
Moccet LLC has appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure ongoing compliance with GDPR and other privacy regulations. Our DPO is an independent professional with expert knowledge of data protection law and practices, serving as your primary point of contact for all privacy-related matters. The DPO reports directly to our highest management level and has the authority to make decisions regarding data protection practices.
Our DPO is responsible for monitoring internal compliance, informing and advising on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs), and serving as a liaison with supervisory authorities. They also oversee our privacy training programs, conduct regular audits of our data processing activities, and ensure that privacy by design principles are embedded in all new projects and initiatives.
You can contact our DPO directly with any questions, concerns, or requests related to your personal data. They are available to assist you in exercising your rights, understanding our privacy practices, or addressing any privacy concerns you may have. The DPO maintains strict confidentiality and independence in handling all inquiries, ensuring that your privacy concerns are addressed objectively and thoroughly.
Exercising Your Rights
We have established clear and accessible procedures to help you exercise your GDPR rights effectively. When you submit a request, we will acknowledge receipt within 72 hours and provide a full response within one month. In complex cases, we may extend this period by up to two additional months, but we will inform you of any extension and the reasons for it within the initial one-month period.
To protect your privacy and ensure security, we must verify your identity before processing any request. This typically involves confirming details that only you would know about your account. For sensitive requests such as data deletion or access to detailed personal information, we may require additional verification steps. We will never ask for passwords or payment information as part of the verification process.
Most requests can be fulfilled free of charge. However, if requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee based on administrative costs or refuse to act on the request. In such cases, we will explain our decision and inform you of your right to complain to the supervisory authority. We maintain detailed records of all rights requests and our responses to demonstrate compliance and continuous improvement of our processes.
Automated Decision-Making
Moccet LLC uses advanced AI and machine learning technologies to enhance our services, but we are committed to ensuring that automated processing respects your rights and freedoms. We employ automated systems for certain processes such as matching talent with projects, generating project recommendations, and detecting fraudulent activity. However, we do not make decisions based solely on automated processing that would have legal or similarly significant effects on you without human involvement.
Where automated processing plays a significant role in decision-making, we ensure meaningful human oversight and intervention. You have the right to request human review of any automated decisions, express your point of view, and contest the decision. We maintain transparency about our use of automated systems, providing clear information about the logic involved, the significance of the processing, and the envisaged consequences for you.
We regularly audit our automated systems for accuracy, fairness, and bias. Our AI models are designed with privacy by design principles, processing only the minimum data necessary and incorporating techniques such as differential privacy where appropriate. If you have concerns about automated processing of your data, you can opt out of certain automated features while still using our core services.
Data Security Measures
We implement state-of-the-art technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Our security framework is based on industry best practices and is regularly reviewed and updated to address emerging threats. We employ a defense-in-depth strategy with multiple layers of security controls to ensure comprehensive protection of your data.
Technical measures include encryption of data in transit and at rest using strong cryptographic standards, multi-factor authentication for all accounts, regular security patches and updates, intrusion detection and prevention systems, and continuous monitoring of our infrastructure. Organizational measures encompass strict access controls based on the principle of least privilege, regular security training for all staff, confidentiality agreements with employees and contractors, incident response procedures, and regular security assessments and penetration testing.
In the unlikely event of a personal data breach, we have robust procedures in place to detect, investigate, and respond quickly. We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach, and if the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing clear information about the nature of the breach and the steps you can take to protect yourself.
Third-Party Processors
To provide our services effectively, we work with carefully selected third-party processors who handle personal data on our behalf. These processors include cloud infrastructure providers, payment processors, email service providers, analytics services, and customer support tools. We maintain a comprehensive inventory of all processors and sub-processors, which is available upon request.
Before engaging any processor, we conduct thorough due diligence to ensure they can provide sufficient guarantees of implementing appropriate technical and organizational measures. All processors are bound by data processing agreements that include the standard contractual clauses required by GDPR. These agreements ensure that processors only process data on our documented instructions, maintain confidentiality, implement appropriate security measures, and assist us in fulfilling our obligations to you.
We regularly audit our processors to ensure ongoing compliance with their contractual obligations and GDPR requirements. If a processor wishes to engage a sub-processor, they must obtain our prior written authorization, and we maintain the right to object to any sub-processor that does not meet our standards. You have the right to obtain information about our processors and the safeguards in place to protect your data when it is processed by third parties.
Children's Privacy
Moccet LLC is designed for use by adults and is not directed at children under the age of 16. We do not knowingly collect or process personal data from children under this age threshold. Our terms of service require users to confirm they are at least 16 years old or have parental consent. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take immediate steps to delete that information.
For users between 16 and 18 years of age, we recommend parental involvement in decisions about using our platform, particularly for entering into contracts or making financial commitments. While GDPR permits processing of personal data of individuals 16 and older in certain circumstances, we encourage young users to discuss their use of our services with parents or guardians.
If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact our Data Protection Officer immediately. We will promptly investigate and, if confirmed, delete the child's information and terminate any associated account. We are committed to protecting children's privacy and will cooperate with parents and authorities to ensure appropriate protection.
Changes to This Policy
This GDPR compliance statement may be updated periodically to reflect changes in our data processing activities, legal requirements, or in response to feedback from users and regulatory authorities. We are committed to maintaining transparency about these changes and will ensure you are appropriately informed when updates occur. All changes will be posted on this page with an updated revision date.
For significant changes that materially affect your rights or how we process your personal data, we will provide additional notice through email or a prominent notice on our platform. Such significant changes might include new purposes for processing, new categories of data collected, new data sharing arrangements, or changes to retention periods. We will provide at least 30 days' notice before significant changes take effect.
We maintain a version history of this policy to ensure transparency about changes over time. If you disagree with any changes, you may exercise your rights including the right to object to processing or to close your account. Continued use of our services after changes take effect constitutes acceptance of the updated policy. We encourage you to review this page periodically to stay informed about our privacy practices.