1. Our role as controller and processor
We act as a data controller for personal data we collect directly — for example when you sign up for an account, contact support, or visit our marketing site.
We act as a data processor when our customers upload personal data about their employees, clients, or contacts into Snapnlink (for example, recipient information on a digital card). Our Data Processing Addendum (DPA) governs that processing and is available on request via privacy@snapnlink.com.
2. Lawful bases for processing
- Performance of a contract — operating the Service, processing payments, supporting customers.
- Legitimate interests — product analytics, security, fraud prevention, service improvement. We balance these against your rights and freedoms.
- Consent — marketing emails, non-essential cookies. You can withdraw at any time.
- Legal obligation — tax, accounting, responding to lawful requests.
3. Your rights under UK and EU GDPR
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete data (subject to legal retention exceptions).
- Right to restriction — limit how we use your data while a dispute is resolved.
- Right to object — to processing based on legitimate interests, including direct marketing.
- Right to data portability — receive a structured, machine-readable copy of data you provided.
- Rights related to automated decision-making — Snapnlink does not make decisions with legal or similarly significant effects using purely automated processing.
4. How to make a Data Subject Access Request
To exercise any of the rights above, email privacy@snapnlink.com with:
- Your full name and the email address associated with your account (if any).
- A description of the right you wish to exercise and the data it relates to.
- Optional: any context that helps us locate the records (organization name, time period).
We will acknowledge your request within 5 business days and respond substantively within one month, in line with Article 12(3) GDPR. For complex or numerous requests we may extend this period by a further two months and will notify you. We may need to verify your identity before disclosing personal data.
5. International transfers
Some of our sub-processors are located outside the UK and EEA. We rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses (2021/914), and additional safeguards including encryption and strict access controls to ensure an adequate level of protection.
6. Data protection contact
We have appointed a privacy lead responsible for our data protection programme. Contact them at privacy@snapnlink.com. If you believe we have not handled your personal data properly, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk or your local supervisory authority in the EEA.
7. Personal data breach notification
Where a personal data breach is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and notify affected customers without undue delay. Our incident response procedure is documented in our internal security policy and reviewed at least annually.