GDPR Compliance

Last updated: June 15, 2025

Our Commitment to GDPR Compliance

AppCube Security is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This policy explains how we adhere to GDPR requirements and protect your rights under this regulation.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right to be informed about how your personal data is used
  • Right to access your personal data
  • Right to rectification of inaccurate personal data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing of your personal data
  • Right to data portability
  • Right to object to processing of your personal data
  • Rights related to automated decision-making and profiling

How We Process Your Data

We process personal data only when we have a lawful basis for doing so under GDPR Article 6:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose
  • Contract: When processing is necessary for a contract we have with you
  • Legal Obligation: When processing is necessary for us to comply with the law
  • Vital Interests: When processing is necessary to protect someone's life
  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data during transmission and storage
  • Regular testing and evaluation of security measures
  • Ability to ensure ongoing confidentiality, integrity, and availability of processing systems
  • Process for regularly testing, assessing, and evaluating security measures
  • Staff training on data protection and security

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place:

  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules for transfers within our corporate group
  • Adequacy decisions by the European Commission

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for:

  • Monitoring our compliance with GDPR
  • Advising on our data protection obligations
  • Acting as a point of contact for data subjects and supervisory authorities

Data Breach Procedures

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Document all breaches, including their effects and remedial action taken

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when using new technologies or when processing is likely to result in a high risk to individuals' rights and freedoms.

Records of Processing Activities

We maintain records of our processing activities, including:

  • Purposes of processing
  • Categories of personal data and data subjects
  • Categories of recipients
  • International transfers
  • Retention periods
  • Security measures

Exercising Your Rights

To exercise any of your rights under GDPR, please contact our Data Protection Officer:

  • By email: [email protected]
  • By mail: ROOM 511, 5/F, MING SANG IND BLDG, 19-21 HING YIP STREET, KWUN TONG, KLN, HONG KONG

We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Updates to This Policy

We regularly review and update our GDPR compliance policy to ensure it remains current with our practices and regulatory requirements. Any changes will be posted on this page with an updated revision date.