Staist    Back to Home

    GDPR Compliance

    Last updated: January 15, 2026

    Our Commitment to GDPR

    Staist is committed to supporting GDPR principles and protecting the privacy rights of individuals in the European Economic Area (EEA).

    Lawful Basis

    We only process personal data when we have a lawful basis: contract performance, legitimate interests, legal obligation, or consent.

    Data Minimization

    We collect only the personal data necessary for our services and retain it only for as long as needed.

    Data Portability

    You can export your data at any time in a machine-readable format. Request exports through your account settings.

    Right to Erasure

    You can request deletion of your personal data at any time. We process erasure requests within 30 days.

    Your Rights Under GDPR

    As a data subject, you have the following rights regarding your personal data:

    • Right of Access - You can request a copy of all personal data we hold about you.
    • Right to Rectification - You can request correction of inaccurate or incomplete personal data.
    • Right to Erasure - You can request deletion of your personal data under certain circumstances.
    • Right to Restrict Processing - You can request limitation of how we use your data.
    • Right to Data Portability - You can receive your data in a structured, machine-readable format.
    • Right to Object - You can object to processing based on legitimate interests or for direct marketing.
    • Rights Related to Automated Decision-Making - You can request human review of automated decisions that significantly affect you.

    Data Processing Agreements

    Staist acts as a data processor on behalf of our customers (data controllers). Where required by applicable data protection laws, we are prepared to enter into a Data Processing Agreement (DPA) that reflects the requirements of Article 28 of the GDPR.

    International Data Transfers

    When transferring personal data outside the EEA, we rely on appropriate legal safeguards in accordance with applicable data protection laws, such as Standard Contractual Clauses where required.

    Data Breach Notification

    In the event of a personal data breach, we will notify affected customers without undue delay and provide relevant information in accordance with applicable data protection laws.

    Exercise Your Rights

    To exercise any of your GDPR rights please contact:

    Email: privacy@staist.com

    We will respond to all requests within 30 days. You also have the right to lodge a complaint with your local supervisory authority.