GDPR Compliance

General Data Protection Regulation Information

Last updated: 7/18/2025

Our Commitment to GDPR

HostMyHOA is committed to protecting your privacy and ensuring compliance with the European Union's General Data Protection Regulation (GDPR). This page explains how we meet our obligations under GDPR and your rights as a data subject.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Consent (Article 6(1)(a))

  • Marketing communications (when you opt in)
  • Non-essential cookies and analytics
  • Optional features and services

Contract Performance (Article 6(1)(b))

  • Account creation and management
  • Service delivery and platform access
  • Payment processing
  • Customer support

Legitimate Interests (Article 6(1)(f))

  • Platform security and fraud prevention
  • Service improvement and optimization
  • Business analytics and reporting
  • Legal compliance and dispute resolution

Legal Obligation (Article 6(1)(c))

  • Tax and accounting requirements
  • Regulatory compliance
  • Legal proceedings

Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You can request confirmation of whether we process your personal data and obtain a copy of your data along with information about how it's being processed.

Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure (Article 17)

You can request deletion of your personal data under certain circumstances, including:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • The data has been unlawfully processed
  • You object to processing based on legitimate interests

Right to Restrict Processing (Article 18)

You can request limitation of processing in certain situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests, direct marketing, or profiling.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Exercising Your Rights

To exercise any of your rights, please contact us using the information provided below. We will:

  • Respond within one month of receiving your request
  • Verify your identity before processing requests
  • Provide information free of charge (unless requests are excessive)
  • Explain if we cannot fulfill your request and why

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer:

Email: dpo@hostmyhoa.com

Address: Data Protection Officer, HostMyHOA, 123 Community Lane, San Francisco, CA 94102

Data Transfers

When we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Binding Corporate Rules where applicable
  • Certification schemes and codes of conduct

Data Retention

We retain personal data only for as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

Retention Periods

Account Data: Until account deletion + 30 days

Payment Data: 7 years (legal requirement)

Marketing Data: Until consent is withdrawn

Support Data: 3 years after case closure

Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training and confidentiality agreements
  • Data backup and recovery procedures
  • Incident response procedures

Data Breach Notification

In the event of a data breach that may result in a high risk to your rights and freedoms, we will:

  • Report to the relevant supervisory authority within 72 hours
  • Notify affected individuals without undue delay
  • Provide clear information about the breach and our response
  • Offer guidance on protective measures you can take

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. You can contact:

  • Your local data protection authority
  • The authority in the EU member state where you live, work, or where the alleged violation occurred
  • The Irish Data Protection Commission (our lead supervisory authority)

Privacy by Design

We implement privacy by design principles in our platform development:

  • Data minimization - we collect only necessary data
  • Purpose limitation - data is used only for specified purposes
  • Storage limitation - data is kept only as long as necessary
  • Accuracy - we maintain accurate and up-to-date data
  • Integrity and confidentiality - we protect data security

Updates to This Information

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. We will notify you of significant changes through our platform or by email.

Contact Information

For any GDPR-related questions or to exercise your rights, please contact us:

Email: privacy@hostmyhoa.com

GDPR Specific: gdpr@hostmyhoa.com

Address: 123 Community Lane, San Francisco, CA 94102

Phone: 1-800-HOA-HELP