Effective Date: [DATE]
Last Updated: [DATE]

This European Privacy Statement ("Statement") supplements our Privacy Policy and applies specifically to individuals located in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK), collectively referred to as "European residents" or "you." This Statement describes how Jackal Labs Inc. ("Jackal Labs," "we," "us," or "our") processes your personal data in connection with our Respawn Disaster Recovery as a Service (DRaaS) platform and related services.

This Statement is provided in accordance with the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and other applicable European data protection laws.

1. DATA CONTROLLER INFORMATION

1.1 Data Controller

Jackal Labs Inc.
[Address]
Ottawa, Ontario, Canada
Email: privacy@jackallabs.com
Phone: [Phone Number]

1.2 EU Representative

As we are established outside the European Union, we have appointed a representative in the EU in accordance with Article 27 GDPR:

[EU Representative Name]
[EU Representative Address]
Email: [EU Representative Email]
Phone: [EU Representative Phone]

1.3 Data Protection Officer

We have appointed a Data Protection Officer (DPO) who can be contacted regarding all matters relating to the processing of your personal data and the exercise of your rights under data protection law:

Data Protection Officer
Email: dpo@jackallabs.com
Phone: [DPO Phone Number]
Address: Jackal Labs Inc., [Address], Ottawa, Ontario, Canada

2. PERSONAL DATA WE PROCESS

2.1 Categories of Personal Data

We process the following categories of personal data about European residents:

Identity Data: Full name, username, title, date of birth, and other identifiers.

Contact Data: Business and personal email addresses, telephone numbers, postal addresses, and other contact information.

Technical Data: Internet protocol (IP) addresses, login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our services.

Profile Data: Username and password, service preferences, feedback, and survey responses.

Usage Data: Information about how you use our website, products, and services, including frequency of use, feature utilization, and performance metrics.

Marketing and Communications Data: Your preferences in receiving marketing communications from us and our third parties, and your communication preferences.

Financial Data: Bank account details, payment card details, and other financial information necessary for processing payments.

2.2 Special Categories of Personal Data

We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation). If you provide such information to us, we will process it only with your explicit consent or as otherwise permitted by applicable law.

3. HOW WE COLLECT PERSONAL DATA

3.1 Direct Collection

We collect personal data directly from you when you:

  • Create an account or register for our services

  • Subscribe to our services or make purchases

  • Contact us for customer support or inquiries

  • Participate in surveys, webinars, or events

  • Subscribe to our marketing communications

  • Interact with our website or service platform

3.2 Automatic Collection

We automatically collect certain personal data when you:

  • Visit our website or use our services

  • Interact with our emails or marketing communications

  • Use cookies and similar tracking technologies

  • Access our services through mobile applications or devices

3.3 Third-Party Sources

We may collect personal data about you from third-party sources, including:

  • Publicly available databases and professional directories

  • Social media platforms when you interact with our content

  • Business contact information providers and marketing services

  • Our business partners and referral sources

  • Analytics providers and advertising networks

4. PURPOSES AND LEGAL BASIS FOR PROCESSING

We process your personal data for the following purposes and on the following legal bases:

4.1 Contract Performance

Purpose: To provide our Respawn DRaaS services, manage your account, process payments, and fulfill our contractual obligations.

Legal Basis: Processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).

Personal Data: Identity data, contact data, profile data, usage data, financial data.

4.2 Legitimate Interests

Purpose: To improve our services, conduct analytics, ensure security, prevent fraud, and manage our business operations.

Legal Basis: Processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms (Article 6(1)(f) GDPR).

Legitimate Interests:

  • Improving and developing our services and technology

  • Ensuring the security and integrity of our systems

  • Preventing fraud and unauthorized access

  • Conducting business analytics and market research

  • Managing customer relationships and business operations

Personal Data: Technical data, usage data, contact data, profile data.

4.3 Consent

Purpose: To send you marketing communications, use non-essential cookies, and process personal data for purposes that require your explicit consent.

Legal Basis: You have given consent to the processing of your personal data for one or more specific purposes (Article 6(1)(a) GDPR).

Personal Data: Contact data, marketing and communications data, technical data (through cookies).

4.4 Legal Obligations

Purpose: To comply with legal and regulatory requirements, including tax obligations, data protection laws, and law enforcement requests.

Legal Basis: Processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c) GDPR).

Personal Data: Identity data, contact data, financial data, usage data.

4.5 Vital Interests

Purpose: To protect the vital interests of you or another natural person in emergency situations.

Legal Basis: Processing is necessary to protect the vital interests of the data subject or of another natural person (Article 6(1)(d) GDPR).

Personal Data: Contact data, identity data.

5. RECIPIENTS OF PERSONAL DATA

We may share your personal data with the following categories of recipients:

5.1 Service Providers

We engage third-party service providers to perform functions on our behalf, including:

  • Cloud infrastructure and hosting providers (Amazon Web Services, Microsoft Azure, Google Cloud Platform)

  • Payment processing companies (Stripe, PayPal)

  • Customer support platforms (Zendesk, Intercom)

  • Marketing automation services (HubSpot, Mailchimp)

  • Analytics providers (Google Analytics, Mixpanel)

  • Security monitoring services (Cloudflare, Datadog)

All service providers are contractually required to protect your personal data and process it only for the purposes we specify.

5.2 Business Partners

We may share limited personal data with trusted business partners for:

  • Joint marketing activities and co-sponsored events

  • Integration partnerships and technical collaborations

  • Referral programs and channel partnerships

5.3 Professional Advisors

We may share personal data with professional advisors including lawyers, accountants, auditors, and consultants who provide services to us.

5.4 Regulatory Authorities

We may disclose personal data to regulatory authorities, law enforcement agencies, and other government bodies when required by law or to protect our rights and interests.

5.5 Corporate Transactions

In the event of a merger, acquisition, sale of assets, or other corporate transaction, personal data may be transferred to the acquiring entity, subject to appropriate data protection commitments.

6. INTERNATIONAL TRANSFERS

6.1 Transfers Outside the EEA

As we are based in Canada and use service providers located in various countries, your personal data may be transferred to and processed in countries outside the European Economic Area, including Canada and the United States.

6.2 Adequacy Decisions

Some transfers are made to countries that have been recognized by the European Commission as providing an adequate level of data protection, including Canada (for commercial organizations subject to PIPEDA).

6.3 Appropriate Safeguards

For transfers to countries without an adequacy decision, we implement appropriate safeguards to protect your personal data, including:

  • Standard Contractual Clauses approved by the European Commission

  • Binding Corporate Rules for intra-group transfers

  • Certification schemes and codes of conduct

  • Specific derogations for particular situations as permitted by Article 49 GDPR

6.4 Copies of Safeguards

You may request a copy of the safeguards we have put in place for international transfers by contacting our Data Protection Officer using the details provided in Section 1.3.

7. RETENTION OF PERSONAL DATA

7.1 Retention Principles

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

7.2 Retention Periods

Account and Service Data: Retained for the duration of your account relationship plus seven (7) years for business records and legal compliance.

Marketing Communications: Retained until you withdraw consent or we determine the information is no longer needed, typically up to five (5) years.

Website Analytics Data: Retained for up to 26 months in accordance with Google Analytics default settings, or shorter periods as configured.

Support Communications: Retained for up to five (5) years for quality assurance and legal purposes.

Financial Records: Retained for seven (7) years to comply with accounting and tax obligations.

Security Logs: Retained for up to two (2) years for security monitoring and incident response.

7.3 Secure Deletion

When personal data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent unauthorized recovery.

8. YOUR RIGHTS UNDER GDPR

As a European resident, you have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and if so, to access that personal data and receive information about:

  • The purposes of processing

  • The categories of personal data concerned

  • The recipients or categories of recipients

  • The envisaged period of retention

  • Your rights regarding the personal data

  • The source of the data (if not collected directly from you)

8.2 Right to Rectification (Article 16)

You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.

8.3 Right to Erasure (Article 17)

You have the right to obtain the erasure of personal data concerning you in certain circumstances, including:

  • The personal data is no longer necessary for the original purposes

  • You withdraw consent and there is no other legal ground for processing

  • You object to processing and there are no overriding legitimate grounds

  • The personal data has been unlawfully processed

  • Erasure is required for compliance with a legal obligation

8.4 Right to Restriction of Processing (Article 18)

You have the right to obtain restriction of processing in certain circumstances, including:

  • You contest the accuracy of the personal data

  • The processing is unlawful but you oppose erasure

  • We no longer need the data but you require it for legal claims

  • You have objected to processing pending verification of our legitimate grounds

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller when:

  • Processing is based on consent or contract

  • Processing is carried out by automated means

8.6 Right to Object (Article 21)

You have the right to object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests (unless we demonstrate compelling legitimate grounds)

  • Processing for direct marketing purposes (absolute right)

  • Processing for scientific, historical research, or statistical purposes

8.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you, except in certain limited circumstances.

8.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. HOW TO EXERCISE YOUR RIGHTS

9.1 Contact Methods

You may exercise your rights by contacting us through the following methods:

  • Email: dpo@jackallabs.com

  • Online form: [URL]

  • Post: Data Protection Officer, Jackal Labs Inc., [Address], Ottawa, Ontario, Canada

  • EU Representative: [EU Representative Contact Information]

9.2 Verification

To protect your privacy and security, we will verify your identity before processing your request. We may ask for additional information to confirm your identity.

9.3 Response Time

We will respond to your request without undue delay and in any event within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

9.4 No Fee

We will not charge a fee for processing your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

10. AUTOMATED DECISION-MAKING AND PROFILING

10.1 Automated Processing

We may use automated processing to:

  • Detect and prevent fraud and security threats

  • Personalize your experience with our services

  • Optimize our marketing communications

  • Analyze service usage patterns

10.2 Profiling Activities

We may create profiles based on your usage patterns and preferences to:

  • Improve service recommendations

  • Customize user interfaces

  • Provide relevant content and communications

  • Enhance security monitoring

10.3 Your Rights

You have the right to obtain human intervention, express your point of view, and contest any automated decision that significantly affects you.

11. DATA SECURITY

11.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest

  • Multi-factor authentication and access controls

  • Regular security assessments and penetration testing

  • Employee training and background checks

  • Incident response and breach notification procedures

11.2 Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and provide information about the breach and the measures we are taking to address it.

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 Cookie Policy

We use cookies and similar tracking technologies on our website and services. For detailed information about our use of cookies, please refer to our Cookie Policy available at [URL].

12.2 Consent Management

We provide a cookie consent management platform that allows you to control which cookies are placed on your device. You can update your cookie preferences at any time through our cookie settings.

13. CHILDREN'S PRIVACY

Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete such information promptly.

14. CHANGES TO THIS STATEMENT

We may update this Statement from time to time to reflect changes in our practices, legal requirements, or service features. We will notify you of material changes by:

  • Posting the updated Statement on our website

  • Sending email notification to registered users

  • Providing notice through our service platform

15. COMPLAINTS AND SUPERVISORY AUTHORITIES

15.1 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates data protection law.

15.2 Relevant Supervisory Authorities

You may lodge a complaint with the supervisory authority in:

  • Your country of habitual residence

  • Your place of work

  • The place where the alleged infringement occurred

15.3 Lead Supervisory Authority

For cross-border processing, our lead supervisory authority is the Irish Data Protection Commission:

16. CONTACT INFORMATION

If you have any questions about this Statement or wish to exercise your rights, please contact:

Data Protection Officer
Jackal Labs Inc.
[Address]
Ottawa, Ontario, Canada
Email: dpo@jackallabs.com
Phone: [Phone Number]

EU Representative
[EU Representative Name]
[EU Representative Address]
Email: [EU Representative Email]
Phone: [EU Representative Phone]

This European Privacy Statement is effective as of [DATE] and supplements our general Privacy Policy.