SIMOLA

GDPR Compliance Statement

Last Updated: November 12, 2025

1. Introduction & Scope

This GDPR Compliance Statement outlines the commitment of Simola ("we," "us," or "our") to processing personal data in accordance with the European Union's General Data Protection Regulation (GDPR). This statement applies specifically to individuals located in the European Economic Area (EEA).

This document is an integral part of our main Privacy Policy and should be read in conjunction with it. It provides specific details regarding our processing of your personal data under GDPR.

2. Our Role as Controller and Processor

A key aspect of GDPR is determining the role of a data "controller" and a "processor." Simola's role depends on the specific type of data, as defined in our Privacy Policy:

  • As a Data Controller: When you create a Simola account, we act as the data controller for your Account Information (e.g., your name, email address, company name). We process this data to manage your account, provide our services, process payments, and communicate with you.
  • As a Data Processor: When you upload Simulation Data (e.g., CSV files containing form fields or geo-locations) for the purpose of running a campaign, you are the data controller. You determine the contents of that data and the purpose of its processing. We act as the data processor, processing this data only upon your instruction to provide the Simola service.

3. Lawful Basis for Processing

Our lawful basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. As a controller, our primary lawful bases are:

  • Contractual Necessity (Article 6(1)(b)): We process your Account Information to provide the service you have signed up for, as per our Terms of Service. We need this information to fulfill our service agreement with you.
  • Legitimate Interest (Article 6(1)(f)): We process your data for our legitimate interests, such as for service improvement (using aggregated, anonymized data), security monitoring, fraud prevention, and to communicate important service updates. We do not carry out these activities if our interests are overridden by your data protection interests.
  • Consent (Article 6(1)(a)): In specific situations, we may rely on your consent. For example, we will only send you promotional and marketing communications if we have your explicit consent to do so.

As a processor, our lawful basis for processing your Simulation Data is our contract with you (the controller).

4. Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data that we control:

  • Right of Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to correct inaccurate data. You can update most of your Account Information directly at any time through your account settings.
  • Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data. You can delete your account and associated data directly through the platform. We will comply, subject to any overriding legal or legitimate business requirements (e.g., for accounting or legal defense) to retain the information.
  • Right to Restrict Processing: You have the right to request that we temporarily or permanently stop processing all or some of your personal data.
  • Right to Object: You have the right to object to us processing your personal data, particularly for direct marketing purposes.
  • Right to Data Portability: You have the right to request a copy of your Account Information in an electronic, machine-readable format to transmit to another service.
  • Right to Withdraw Consent: Where we rely on your consent for processing (e.g., for marketing), you have the right to withdraw that consent at any time. You can do this via the unsubscribe link in any marketing email or by contacting us.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a relevant data protection authority if you have concerns about our privacy practices.

For your Simulation Data (for which you are the controller), you have full control to access, update, and delete this data from our platform at any time.

5. Data Security and Retention

We are committed to protecting your data. As detailed in our Privacy Policy, we implement robust technical and organizational measures, including:

  • Encryption: All data is encrypted both in transit (using TLS/SSL) and at rest.
  • Access Control: We enforce strict, role-based access controls within our organization to ensure only authorized personnel can access user data on a need-to-know basis.

We retain your data only as long as necessary. Key retention periods include:

  • Account Information: Retained for as long as your account is active. Upon account deletion, this data is permanently deleted from all systems within 90 days.
  • Simulation Data: This data is automatically and permanently deleted from our systems 90 days after a campaign is completed or becomes inactive. You may also delete this data manually at any time.

6. International Data Transfers

Our service providers (such as cloud hosting and payment processors) may be located outside of the EEA. Specifically, your personal data may be transferred to and processed in the United States. When we transfer your personal data, we rely on established legal mechanisms to ensure your data receives adequate protection, such as the European Commission's Standard Contractual Clauses (SCCs), to ensure that your data is treated securely and in accordance with this policy.

7. Our Sub-processors

To provide and support the Simola service, we engage a limited number of third-party service providers (sub-processors) for infrastructure hosting, payment processing, and analytics. We have entered into GDPR-compliant Data Processing Agreements with each of these sub-processors to ensure they uphold the same level of data protection and security that we commit to. A list of our current sub-processors can be provided upon request.

8. How to Exercise Your Rights

You can exercise many of your rights directly through your account settings. For any requests you cannot self-service, or if you have any questions about this statement, please contact our designated privacy team.

  • Data Protection Contact: To ensure your questions are handled efficiently, please direct any inquiries regarding your GDPR rights to our privacy team at: privacy@simola.io.
  • Lodge a Complaint: If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with your local data protection authority.

We use cookies to enhance your experience and analyze our traffic. By clicking "Accept", you consent to our use of cookies. Learn more.

Cookie Preferences

You can manage your cookie preferences below. Some cookies are essential for the website to function.

These cookies are necessary for the website to function and cannot be switched off.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site.

These cookies enable the website to provide enhanced functionality and personalization.