Learn how SDC LEKA complies with the General Data Protection Regulation and protects your rights.
Last Updated: October 15, 2025
SDC LEKA is committed to protecting the privacy and personal data of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland in accordance with the General Data Protection Regulation (GDPR) and related data protection laws. This page provides information about how we comply with GDPR requirements and explains your rights under this regulation.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to:
- Organizations established in the EEA
- Organizations outside the EEA that offer goods or services to individuals in the EEA
- Organizations that monitor the behavior of individuals in the EEA
SDC LEKA processes personal data of EEA residents and is committed to full GDPR compliance.
Data Controller: SDC LEKA
Principal Office: New York City, NY, USA
Operations: Fort Lauderdale, FL, USA
Contact: privacy@sdcleka.com
Website: https://sdcleka.com
Data Protection Officer: privacy@sdcleka.com
For GDPR-related inquiries, please contact our Data Protection Officer at the email address above.
SDC LEKA adheres to the following GDPR principles when processing personal data:
We process personal data lawfully, fairly, and transparently. We clearly inform you about:
• What data we collect
• Why we collect it
• How we use it
• Who we share it with
• Your rights regarding your data
We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
We collect only the personal data that is adequate, relevant, and necessary for our stated purposes.
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or corrected promptly.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
We implement appropriate technical and organizational measures to ensure data security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
We are responsible for demonstrating compliance with these principles and maintain documentation of our data processing activities.
We process your personal data based on one or more of the following legal grounds:
Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications).
Contract: Processing is necessary for a contract we have with you, or to take steps at your request before entering into a contract (e.g., providing tech talent services).
Legal Obligation: Processing is necessary for us to comply with legal or regulatory requirements (e.g., tax obligations).
Legitimate Interests: Processing is necessary for our legitimate business interests or those of a third party, except where such interests are overridden by your rights and interests (e.g., fraud prevention, network security).
Vital Interests: Processing is necessary to protect someone's life (rarely applicable).
Public Task: Processing is necessary for us to perform a task in the public interest or for official functions (not typically applicable to SDC LEKA).
Under GDPR, you have the following rights regarding your personal data:
You have the right to clear, transparent information about how we use your personal data. This is provided in our Privacy Policy and this GDPR Compliance page.
You have the right to request:
- Confirmation that we process your personal data
- Access to your personal data
- Additional information about our processing activities
We will provide a copy of your personal data free of charge. Additional copies may incur a reasonable fee.
You have the right to request deletion of your personal data when:
- It is no longer necessary for the purposes it was collected
- You withdraw consent (where processing is based on consent)
- You object to processing and there are no overriding legitimate grounds
- Personal data has been unlawfully processed
- Deletion is required for legal compliance
This right is not absolute and may be limited by legal obligations to retain certain data.
You have the right to request restriction of processing when:
- You contest the accuracy of personal data
- Processing is unlawful but you oppose erasure
- We no longer need the data, but you need it for legal claims
- You have objected to processing pending verification of our legitimate grounds
You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller when:
- Processing is based on consent or contract
- Processing is carried out by automated means
You have the right to object to processing based on:
- Legitimate interests
- Performance of a task in the public interest
- Direct marketing (absolute right)
- Scientific/historical research or statistical purposes
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects, unless:
- It is necessary for entering into or performing a contract
- It is authorized by law
- You have given explicit consent
SDC LEKA does not currently engage in automated decision-making with legal or significant effects.
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates GDPR.
- EEA: https://edpb.europa.eu/about-edpb/board/members_en
- UK: Information Commissioner's Office (ICO) - https://ico.org.uk
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
To exercise any of your GDPR rights, please:
Email: privacy@sdcleka.com
Subject: "GDPR Rights Request"
Include:
- Your full name
- Email address associated with your account
- Specific right you wish to exercise
- Any relevant details to help us locate your data
- Proof of identity (if requested)
Response Time: We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days and will inform you of the delay.
Verification: We may need to verify your identity before processing your request to protect your personal data from unauthorized access.
No Fee: Exercising your rights is generally free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests.
SDC LEKA is based in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US or other countries, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with our service providers and partners.
Adequacy Decisions: Where applicable, we rely on European Commission adequacy decisions recognizing certain countries as providing adequate data protection.
Additional Safeguards: We implement supplementary measures such as:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Contractual obligations on data processors
We conduct Transfer Impact Assessments (TIAs) to evaluate the level of protection in destination countries and implement additional measures where necessary.
We implement appropriate technical and organizational measures to protect personal data:
- Encryption (TLS/SSL for data in transit, AES-256 for data at rest)
- Firewall protection and intrusion detection systems
- Regular security testing and vulnerability assessments
- Multi-factor authentication
- Secure backup and disaster recovery systems
- Access logging and monitoring
- Data protection policies and procedures
- Employee training on data protection
- Confidentiality agreements with staff and contractors
- Access controls based on need-to-know principle
- Incident response and breach notification procedures
- Regular compliance audits
- Vendor management and due diligence
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law.
Retention Periods:
- Active customer accounts: Duration of relationship + 3 years
- Prospective clients: 3 years from last contact
- Tech professional applications: 2 years from submission
- Marketing communications: Until unsubscribe + 30 days
- Support records: 5 years
- Financial records: 7 years (legal requirement)
- Website analytics: 26 months
When retention periods expire, we securely delete or anonymize personal data.
We maintain records of our processing activities as required by GDPR Article 30, including:
- Categories of personal data processed
- Purposes of processing
- Categories of data subjects
- Recipients of personal data
- International transfers
- Retention periods
- Security measures
These records are available to supervisory authorities upon request.
We conduct DPIAs for processing operations that are likely to result in high risk to individuals' rights and freedoms, particularly when:
- Using new technologies
- Systematic profiling or automated decision-making
- Processing special categories of data at scale
- Systematic monitoring of publicly accessible areas
DPIAs help us identify and minimize data protection risks.
We work with carefully selected third-party processors who assist in delivering our services:
Our Obligations:
- Use only processors that provide sufficient guarantees
- Implement appropriate technical and organizational measures
- Enter into written contracts (Data Processing Agreements)
- Ensure processors comply with GDPR
- Monitor processor compliance
Processor Obligations:
- Process data only on our instructions
- Ensure confidentiality of processing
- Implement appropriate security measures
- Assist with data subject rights requests
- Notify us of data breaches
- Delete or return data when processing ends
In the event of a personal data breach:
Notification to Supervisory Authority: We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in risk to individuals' rights and freedoms.
Notification to Data Subjects: We will notify affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms.
Breach Documentation: We maintain records of all personal data breaches, including:
- Facts relating to the breach
- Effects of the breach
- Remedial action taken
Contact for Breach Reports: privacy@sdcleka.com
Our use of cookies and similar technologies complies with GDPR and the ePrivacy Directive.
Consent: We obtain consent before placing non-essential cookies.
Transparency: We provide clear information about cookies in our Cookies Policy.
Control: You can manage cookie preferences at any time.
See our Cookies Policy for detailed information.
Our services are not directed to children under 16 (or the age specified by EEA member state law). We do not knowingly collect personal data from children without parental consent.
If we learn we have collected data from a child without proper consent, we will delete it promptly.
We regularly review and update our GDPR compliance practices to ensure ongoing compliance with evolving regulations and best practices.
Significant changes will be communicated through:
- Updates to this page
- Email notifications to registered users
- Prominent website notices
SDC LEKA provides regular data protection training to all employees and contractors who handle personal data, covering:
- GDPR principles and requirements
- Individual rights
- Data security practices
- Breach reporting procedures
- Privacy by design and default
We implement privacy by design and default principles in all our operations:
- Data protection considerations are integrated into system design
- Privacy-enhancing technologies are implemented
- Default settings provide maximum privacy
- Data minimization is practiced
- Pseudonymization and anonymization are used where appropriate
For GDPR-related inquiries, rights requests, or complaints:
SDC LEKA Data Protection Officer
Email: privacy@sdcleka.com
General Contact:
Email: info@sdcleka.com
Website: https://sdcleka.com
New York City, NY, USA
Fort Lauderdale, FL, USA
Response Time: We aim to respond to all inquiries within 5 business days, with full responses to rights requests within 30 days.