garmentdesk.com

GDPR Compliance

GarmentDesk is committed to protecting the personal data of all its users, whether you are based in the European Union, UK, USA, or anywhere else in the world. This page explains your rights under GDPR and how we handle personal data responsibly.

Even if you are not based in Europe, we apply GDPR principles across our entire service as a best practice for data protection.

1. What Is GDPR?

GDPR stands for the General Data Protection Regulation. It is a European Union law that gives people stronger control over their personal data and sets rules for how organisations collect, use, and store that data.

The key principles of GDPR that GarmentDesk follows are:

  • Lawfulness, Fairness and Transparency — we only collect data we are allowed to, and we tell you about it
  • Purpose Limitation — we only use data for the reason we collected it
  • Data Minimisation — we collect only what we actually need
  • Accuracy — we keep your data correct and up to date
  • Storage Limitation — we do not keep data longer than necessary
  • Security — we protect data with appropriate technical and organisational measures
  • Accountability — we can demonstrate that we follow all of the above

2. Legal Basis for Processing Your Data

Under GDPR, we can only process your personal data if we have a valid legal reason. Here are the legal bases we rely on:

| Legal Basis | When We Use It | Example |
|---|---|---|
| Contract Performance | When we need data to provide our service to you | Using your email to send your invoice |
| Legitimate Interests | When we have a genuine business reason | Improving our software based on usage patterns |
| Legal Obligation | When required by law | Keeping billing records for tax purposes |
| Consent | When you opt in to optional features | Sending marketing emails (you can opt out anytime) |

3. Your Rights Under GDPR

If you are located in the EU, UK, or a country with equivalent data protection laws, you have the following rights. GarmentDesk respects these rights for all users globally.

3.1 Right to Access

You can ask us to provide a copy of all the personal data we hold about you. We will respond within 30 days.

Tip: Go to Settings > Data Export to download your data directly, or email support@garmentdesk.com to request a full data report.

3.2 Right to Rectification (Correction)

If any of your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information yourself in your account settings, or contact us to make corrections.

3.3 Right to Erasure ('Right to Be Forgotten')

You can ask us to delete your personal data. We will delete it unless we are legally required to keep certain records. You can delete your account through Settings > Delete Account, or by contacting us.

3.4 Right to Restriction of Processing

You can ask us to temporarily stop using your data in certain circumstances — for example, if you believe the data is inaccurate and want us to pause processing while we investigate.

3.5 Right to Data Portability

You have the right to receive your data in a machine-readable format (e.g., CSV or JSON) so you can transfer it to another service. Use the Data Export function in Settings, or contact us.

3.6 Right to Object

You can object to certain types of data processing, including:

  • Direct marketing communications (you can unsubscribe from marketing emails at any time)
  • Processing based on our legitimate interests, if your interests override ours

3.7 Rights Related to Automated Decision-Making

GarmentDesk does not make automated decisions about you that have legal or significant effects on you (such as credit scoring). We do not use your data for profiling in ways that affect your rights.

4. Data You Enter About Your Customers

As a GarmentDesk user, you likely enter data about your own customers (names, measurements, contact details). Under GDPR:

  • You are the Data Controller for your customers’ data — you decide why and how it is collected.
  • GarmentDesk is the Data Processor — we store and process it strictly on your behalf.
  • You are responsible for having a lawful basis to collect your customers’ data and for informing them about how you use it.
  • You should not enter sensitive personal data (such as medical information) into GarmentDesk unless it is necessary.

5. Data Processing Agreement (DPA)

Under GDPR, if you are a business in the EU and you use GarmentDesk to process your customers’ personal data, you may need a formal Data Processing Agreement (DPA) with us.

If you require a DPA, please contact us at support@garmentdesk.com and we will provide one.

6. International Data Transfers

GarmentDesk may process and store data on servers located outside your country. Where data is transferred internationally, we ensure it is protected through appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms approved under GDPR.

7. Data Retention

We retain personal data only for as long as necessary:

  • Active account data: Retained for as long as your account is active
  • After account deletion: Retained for 30 days for recovery purposes, then permanently deleted
  • Billing records: Retained for up to 7 years as required by law
  • Anonymised analytics data: May be retained indefinitely (no personal information)

8. Data Breach Notification

In the unlikely event of a data breach that risks your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware
  • Notify affected users without undue delay if the breach poses a high risk
  • Take immediate steps to contain and address the breach

9. Data Protection Officer (DPO)

GarmentDesk has appointed a responsible person for data protection matters. To contact our data protection team:

Data Protection Contact

Email: support@garmentdesk.com

Subject line: GDPR Request — [Your Name]

We aim to respond within 30 days (as required by GDPR).

10. How to Lodge a Complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national data protection authority. In the EU, you can find your authority at edpb.europa.eu. In the UK, contact the ICO at ico.org.uk.

We would appreciate the opportunity to resolve any concerns directly first — please contact us at support@garmentdesk.com before approaching a regulator.