EUDR Simple EUDR Simple Sign In

Privacy Policy

Last updated: November 25, 2025

We collect only essential EUDR compliance data: company profile, roles, supplier GPS coordinates, batches, transactions, audit logs, and required supporting documents. No marketing trackers, no third-party resale, and no behavioral profiling. Data is encrypted in transit and at rest, retained only for mandated periods (5 years for documents, 7 years for audit logs), and stored in EU or adequacy jurisdictions. This page provides full detail beyond the summary in the site footer.

1. Data Controller

EUDR Simple ("we", "us") acts as the data controller for personal and business data processed through our platform to enable compliance with the EU Deforestation Regulation (EUDR). Contact: contact@eudr-simple.eu.

2. Data We Collect

  • Account data (name, business email, company name)
  • Company compliance profile (roles, SME classification)
  • Supplier data (name, commodity, GPS coordinates)
  • Batch & transaction records (for DDS generation)
  • Audit logs (mandatory compliance traceability)
  • Minimal technical logs (security + reliability only)

3. Purpose & Legal Bases

  • Contract performance: Provide software functionality (Art. 6(1)(b) GDPR)
  • Legal obligation: Maintain required compliance/audit records (Art. 6(1)(c))
  • Legitimate interest: Improve reliability & security (Art. 6(1)(f))
  • Consent: Optional waitlist / early access emails (Art. 6(1)(a))

4. Retention

  • Compliance documents: 5 years (EUDR requirement)
  • Audit logs: 7 years (extended regulatory traceability)
  • Account data: Deleted within 30 days of termination unless retention obligations apply
  • Technical logs: Rotated within 90 days

5. International Transfers

Data is stored in EU (or equivalent adequacy) regions. If a subprocessor outside the EEA is used, Standard Contractual Clauses (SCCs) and supplementary safeguards apply.

6. Security

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest for databases & backups
  • Role-based access controls
  • Audit logging for all compliance-relevant mutations
  • Regular dependency & vulnerability reviews

7. Your Rights (GDPR)

  • Access, rectification, erasure
  • Restriction & objection to processing
  • Data portability (machine-readable export)
  • Withdraw consent for optional communications
  • Lodge a complaint with your supervisory authority

Submit requests to: contact@eudr-simple.eu. We respond within 30 days.

8. Third Parties & Subprocessors

We use infrastructure, storage, and email providers necessary to operate the platform. No advertising networks, tracking pixels, or data brokerage partners are used. A current list can be requested via email.

9. Cookies

Only strictly necessary cookies/session tokens are used for authentication and security. No marketing or behavioral tracking cookies are deployed.

10. Data Minimization & No Resale

We never sell, rent, or trade compliance or supplier data. We collect only what is required to fulfill EUDR obligations and provide platform functionality.

11. Contact

Questions or requests: contact@eudr-simple.eu.