GDPR Compliance & Data Subject Rights
Effective Date: January 26, 2026
Overview
ChromaChecker Corporation is committed to complying with the European General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK General Data Protection Regulation ("UK GDPR"), as applicable.
Depending on the context, ChromaChecker may act either as a Data Controller or as a Data Processor. For customer account and administrative data, ChromaChecker may act as a Data Controller. For customer-uploaded data, staff data, and operational data processed on behalf of organizations, ChromaChecker acts as a Data Processor in accordance with the applicable Data Processing Agreement.
This page explains how to exercise your data protection rights.
Your Rights Under GDPR
Access (Art. 15): Obtain confirmation of processing and a copy of your personal data
Rectification (Art. 16): Correct inaccurate or incomplete data
Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
Restriction (Art. 18): Limit how we process your data
Portability (Art. 20): Receive your data in a structured, machine-readable format
Object (Art. 21): Object to processing based on legitimate interests, where applicable
Withdraw Consent (Art. 7): Revoke consent at any time, where processing is based on consent
Complaint (Art. 77): Lodge a complaint with a supervisory authority
How to Exercise Your Rights
Option 1: Self-Service (Recommended)
For Main Users (Account Owners):
- Log in to ChromaChecker at https://chromachecker.com
- Click your profile icon in the top menu
- Select "Manage Account"
- You can: view all your personal data; edit your name, email, phone, and address; export your data (JSON/CSV format); delete your account and all associated data
For Operators/Staff Members:
- Go to the ChromaChecker Operator's website or launch the iPad app
- Click the User Icon
- Select "Edit Profile"
- You can: view your personal data; edit your name, email, and contact information; request deletion through your organization's Main User
Option 2: Contact Us Directly
If you cannot use self-service or need assistance:
Email: privacy@chromachecker.com
Subject Line: "GDPR Data Request - [Your Request Type]"
Phone: +48.607.628.995 (Europe) | 651.717.0590 (USA)
Mail:
ChromaChecker Corporation
Attn: Privacy Team
4324 Sanddollar Court
New Port Richey, FL 34652, USA
What to Include in Your Request
To process your request efficiently, please provide:
- Your full name (as registered)
- Email address associated with your account
- Organization name (if applicable)
- Type of request (access, correction, deletion, etc.)
- Specific details about what data or action you're requesting
- Proof of identity (requested only where necessary to protect your data, prevent unauthorized access, or where requests relate to shared or organizational accounts)
Response Timeline
Access: 30 days (may be extended by up to 60 additional days where requests are complex or numerous)
Rectification: 30 days (may be extended by up to 60 additional days where requests are complex or numerous)
Erasure: 30 days (may be extended by up to 60 additional days where requests are complex or numerous)
Portability: 30 days (may be extended by up to 60 additional days where requests are complex or numerous)
Objection: Without undue delay
We will acknowledge your request within 3 business days.
Account Deletion Process
Complete Account Deletion
When you delete your account:
- Personal data: Permanently deleted without undue delay
- Measurement data: Permanently deleted without undue delay, where such data qualifies as personal data under applicable law
- Settings/preferences: Permanently deleted without undue delay
- Backup copies: Purged from backups within 60 days
- Billing records: Retained for legal compliance (7 years)
Warning: Account deletion is irreversible. Export your data first if needed.
Transferring Account Ownership
If your organization continues using ChromaChecker but you're leaving:
- Log in as Main User
- Go to Manage Account → Transfer Ownership
- Enter the new representative's details
- The new owner receives a confirmation email
- Your personal data is removed; organizational data is preserved
Staff Data (Accountability Inspector)
Organization's Responsibility
If you are an employee whose data was added by your organization:
- Your organization is the Data Controller for your employment-related data
- ChromaChecker is the Data Processor acting on your organization's instructions
Your Options
- View/Edit: Use the Operator app to view and correct your data
- Deletion: Request deletion through your organization's Main User
- Complaint: Contact your organization's HR/Privacy team first
For Main Users Managing Staff
You are responsible for:
- Informing employees about data processing
- Providing legal basis (employment contract, consent, etc.)
- Removing inactive staff members promptly
- Responding to employee data requests
- Complying with local labor and privacy laws
Data Portability
You can export your data in the following formats:
- Account information: JSON (Manage Account → Export Data)
- Measurement data: CSV, JSON (Reports → Export)
- Settings: JSON (Manage Account → Export Data)
Special Categories
Deceased Users
Upon receipt of a death certificate and proof of authority, we will:
- Provide data access to authorized persons
- Delete the account upon request
- Retain legally required records
Minors
ChromaChecker is a B2B service not intended for individuals under 16. If we discover data from a minor, we will delete it immediately.
Cookie and Analytics Preferences
Rights related to cookies, analytics, and other consent-based tracking technologies are exercised exclusively through the cookie consent tools available on the website and are not handled through this GDPR data subject request process.
Complaints
Internal Resolution
Contact privacy@chromachecker.com first. We aim to resolve complaints within 30 days.
Supervisory Authorities
EU: Your local Data Protection Authority
List: https://edpb.europa.eu/about-edpb/about-edpb/members_en
UK: Information Commissioner's Office (ICO)
https://ico.org.uk/make-a-complaint/
USA: No federal DPA, but state-specific options exist (e.g., California AG for CCPA)
Data Protection Officer
ChromaChecker has not appointed a formal DPO as it is not required under GDPR Art. 37. For privacy inquiries, contact:
Privacy Team
Email: privacy@chromachecker.com
Phone: 651.717.0590

EU/UK Representatives
EU Representative (GDPR Art. 27)
Data Protection Representative Limited (trading as DataRep)
The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Email: datarequest@datarep.com (quote "ChromaChecker Corporation" in subject)
Webform: www.datarep.com/data-request
Phone: +353 (1) 919 8899
UK Representative (UK GDPR Art. 27)
Data Protection Representative Limited (trading as DataRep)
107-111 Fleet Street, London, EC4A 2AB, United Kingdom
Email: datarequest@datarep.com (quote "ChromaChecker Corporation" in subject)
Webform: www.datarep.com/data-request
Phone: +353 (1) 919 8899
Additional EU/EEA Contact Locations
DataRep maintains contact points in all 27 EU member states plus EEA countries, including Poland (Budynek Fronton, ul. Kamienna 21, Kraków, 31-403). For a complete list, visit www.datarep.com.
© 2026 ChromaChecker Corporation. All rights reserved.