# GDPR Compliance

> Understand how Paradigm complies with GDPR regulations and your rights regarding personal data processing.

## Overview

The General Data Protection Regulation (GDPR) is a European Union regulation that governs how organizations collect, process, and protect personal data of EU residents. Paradigm is committed to full GDPR compliance and transparency in our data handling practices.

## Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

### Right of Access

* You can request information about what personal data we process about you
* You can obtain a copy of your personal data in a structured format

### Right to Rectification

* You can request correction of inaccurate personal data
* You can request completion of incomplete personal data

### Right to Erasure (Right to be Forgotten)

* You can request deletion of your personal data under certain circumstances
* This applies when data is no longer necessary for the original purpose

### Right to Restrict Processing

* You can request limitation of processing under specific conditions
* Data can be stored but not actively processed during restriction periods

### Right to Data Portability

* You can receive your personal data in a machine-readable format
* You can request direct transfer to another data controller where technically feasible

### Right to Object

* You can object to processing based on legitimate interests
* You can object to direct marketing at any time

## Data Processing Lawful Basis

We process your personal data based on:

* **Contractual necessity**: To fulfill our service obligations
* **Legitimate interests**: For system security and service improvement
* **Legal compliance**: To meet regulatory requirements
* **Consent**: Where explicitly provided for specific processing activities

## Data Protection Measures

### Technical Safeguards

* End-to-end encryption for data in transit
* Encryption at rest for stored personal data
* Access controls and authentication systems
* Regular security assessments and updates

### Organizational Measures

* Privacy by design principles in system development
* Regular staff training on data protection
* Data processing impact assessments
* Incident response procedures

## Data Retention

* Personal data is retained only as long as necessary for the stated purposes
* Retention periods are clearly defined and regularly reviewed
* Automated deletion processes ensure timely data removal
* Special categories of data have enhanced protection measures

## International Data Transfers

When transferring personal data outside the EU:

* We ensure adequate protection through appropriate safeguards
* Standard contractual clauses or adequacy decisions are used
* Recipients are contractually bound to maintain data protection standards

## Exercising Your Rights

To exercise your GDPR rights:

1. **Contact our Data Protection Officer**:
   * Email: [privacy@lighton.ai](mailto:privacy@lighton.ai)
   * Include clear identification and specific request details

2. **Response Timeline**:
   * We respond within 30 days of receiving your request
   * Complex requests may require up to 60 additional days with notification

3. **Verification Process**:
   * Identity verification may be required for security
   * Additional information may be requested to locate your data

## Complaints and Remedies

If you believe your data protection rights have been violated:

* **Internal Resolution**: Contact our Data Protection Officer first
* **Supervisory Authority**: File a complaint with your local data protection authority
* **Judicial Remedy**: Pursue legal remedies through competent courts

## Data Protection Officer

Our appointed Data Protection Officer oversees GDPR compliance and serves as your point of contact for data protection matters.

**Contact Information**:

* Email: [privacy@lighton.ai](mailto:privacy@lighton.ai)
* Role: Independent oversight of data processing activities
* Responsibilities: Monitoring compliance, conducting impact assessments, serving as point of contact

## Regular Updates

This GDPR compliance documentation is regularly reviewed and updated to reflect:

* Changes in data processing activities
* Updates to legal requirements
* Improvements in data protection measures
* Feedback from data subjects and authorities
