GDPR Compliance

Your Rights Under the General Data Protection Regulation

Last Updated: December 3, 2025

1. Introduction

LPGenius, operated by DH Consulting, is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This page explains how we comply with GDPR requirements and outlines your rights as a data subject if you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland.

Our Commitment: We process personal data lawfully, fairly, and transparently. We collect only what is necessary and retain it only for as long as needed to fulfill the purposes for which it was collected.

2. Data Controller Information

The data controller for your personal data is:

DH Consulting

Registration No.: 303879787


Address:

Homa U'Migdal 8

Hadera, Israel


Email:

dimahasin2@gmail.com

For data protection inquiries, you can contact us at the email address above.

3. Legal Basis for Processing

Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal bases:

| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Providing the LPGenius service | Performance of Contract | Art. 6(1)(b) |
| Account creation and management | Performance of Contract | Art. 6(1)(b) |
| Processing payments | Performance of Contract | Art. 6(1)(b) |
| Sending service-related communications | Performance of Contract | Art. 6(1)(b) |
| Sending marketing communications | Consent | Art. 6(1)(a) |
| Analytics cookies (non-essential) | Consent | Art. 6(1)(a) |
| Security monitoring | Legitimate Interest | Art. 6(1)(f) |
| Fraud prevention | Legitimate Interest | Art. 6(1)(f) |
| Product improvement | Legitimate Interest | Art. 6(1)(f) |
| Compliance with legal obligations | Legal Obligation | Art. 6(1)(c) |

3.1 Legitimate Interests

When we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. Our legitimate interests include:

  • Keeping our services secure and preventing fraud
  • Understanding how users interact with our platform to improve it
  • Administering our business operations
  • Protecting our legal rights

4. Your Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

4.1 Right of Access (Article 15)

You have the right to:

  • Obtain confirmation that we process your personal data
  • Request a copy of your personal data
  • Receive information about how we process your data

4.2 Right to Rectification (Article 16)

You have the right to:

  • Request correction of inaccurate personal data
  • Have incomplete data completed

4.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (if processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required by law

Note: This right is not absolute. We may need to retain some data for legal compliance, contract performance, or to exercise or defend legal claims.

4.4 Right to Restriction of Processing (Article 18)

You have the right to restrict processing when:

  • You contest the accuracy of your data (while we verify)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification)

4.5 Right to Data Portability (Article 20)

You have the right to:

  • Receive your personal data in a structured, commonly used, machine-readable format
  • Have your data transmitted directly to another controller where technically feasible

This right applies to data you provided, processed by automated means, based on consent or contract.

4.6 Right to Object (Article 21)

You have the right to object to:

  • Processing based on legitimate interests (we must stop unless we demonstrate compelling legitimate grounds)
  • Direct marketing (we must always honor this)
  • Processing for research or statistical purposes

4.7 Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

4.8 Right Not to be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.

Our Practice: We do not use fully automated decision-making that produces legal or significant effects on you.

5. How to Exercise Your Rights

5.1 Making a Request

To exercise any of your GDPR rights, please contact us:

5.2 What to Include in Your Request

To help us process your request efficiently, please provide:

  • Your full name
  • Email address associated with your LPGenius account
  • The specific right(s) you wish to exercise
  • Any relevant details to help identify the data concerned

5.3 Verification

For security purposes, we may need to verify your identity before processing your request. We may ask for:

  • Confirmation from the email address on your account
  • Additional information to verify your identity

5.4 Response Time

We will respond to your request within 30 days of receiving it. If your request is complex or we have received many requests, we may extend this by up to two additional months, but we will inform you of any delay within the first 30 days.

5.5 Fees

We provide one copy of your personal data free of charge. For additional copies or manifestly unfounded/excessive requests, we may charge a reasonable fee based on administrative costs.

6. Data We Collect and Process

6.1 Categories of Personal Data

| Category | Examples | Purpose |
|---|---|---|
| Identity Data | Name, username | Account management |
| Contact Data | Email address | Communication, service delivery |
| Technical Data | IP address, browser type, device info | Security, analytics |
| Usage Data | Features used, pages viewed | Service improvement |
| Content Data | Landing pages you create | Service delivery |
| Transaction Data | Payment history, subscription status | Billing, support |

6.2 Special Categories of Data

We do not intentionally collect special categories of personal data (e.g., racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation). If you include such data in your landing pages, you are responsible for ensuring appropriate legal basis and safeguards.

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

| Data Category | Retention Period | Justification |
|---|---|---|
| Account Data | Duration of account + 30 days | Contract performance |
| Landing Page Content | Duration of account + 30 days | Service delivery |
| Billing Records | 7 years after transaction | Legal obligation (tax) |
| Support Communications | 3 years after resolution | Legitimate interest |
| Security Logs | 90 days | Security, fraud prevention |
| Analytics Data | 13 months | Product improvement |
| Marketing Consent Records | Duration of consent + 3 years | Demonstrating compliance |
| Backup Data | 90 days | Data recovery |

After the retention period, data is securely deleted or anonymized.

8. International Data Transfers

As we operate globally, your personal data may be transferred to and processed in countries outside the EEA, UK, or Switzerland. We ensure appropriate safeguards are in place:

8.1 Transfer Mechanisms

  • EU-US Data Privacy Framework: For transfers to US companies certified under the DPF
  • Standard Contractual Clauses (SCCs): EU Commission-approved clauses (Module 2: Controller to Processor)
  • UK International Data Transfer Addendum: Version B1.0 for UK transfers
  • Swiss Addendum: Adapting SCCs to Swiss Federal Act on Data Protection (FADP)

8.2 Countries Where Data May Be Processed

  • Israel: Recognized by EU as providing adequate protection
  • United States: Via DPF certification or SCCs
  • European Union: Where sub-processors are located

8.3 Sub-Processors

We use the following sub-processors who may process your data:

  • Vercel: Hosting (US) - SCCs in place
  • Supabase: Database (US/EU) - SCCs in place
  • Paddle: Payments (UK) - Adequate protection
  • OpenAI: AI services (US) - SCCs in place
  • Anthropic: AI services (US) - SCCs in place

9. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data (Article 32):

9.1 Technical Measures

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Secure authentication with password hashing
  • Regular security assessments and updates
  • Firewall and intrusion detection systems
  • Automated backup and disaster recovery

9.2 Organizational Measures

  • Access controls based on principle of least privilege
  • Staff training on data protection
  • Incident response procedures
  • Regular review of security practices

For more details, see our Security page.

10. Data Breach Notification

In accordance with Articles 33 and 34 of GDPR:

10.1 Notification to Supervisory Authority

If we experience a personal data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

10.2 Notification to Data Subjects

If a breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, providing:

  • Description of the breach
  • Name and contact details for more information
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

11. Right to Lodge a Complaint

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority.

11.1 Relevant Supervisory Authorities

For EEA Residents:

Irish Data Protection Commission (DPC)

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

www.dataprotection.ie


For UK Residents:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK

ico.org.uk


For Swiss Residents:

Federal Data Protection and Information Commissioner (FDPIC)

Feldeggweg 1, 3003 Bern, Switzerland

www.edoeb.admin.ch

You may also complain to the supervisory authority in your country of residence or place of work.

We Encourage Direct Contact First: Before filing a complaint with a supervisory authority, we encourage you to contact us directly at dimahasin2@gmail.com. We are committed to resolving any concerns and will work with you to find a solution.

12. Children's Data

LPGenius is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected data from a child under 18, please contact us immediately at dimahasin2@gmail.com, and we will take steps to delete such data.

13. Changes to This Policy

We may update this GDPR Compliance page from time to time. Changes will be posted on this page with an updated "Last Updated" date.

For significant changes affecting your rights, we will provide notice through:

  • Email notification to the address on your account
  • Prominent notice on our website

14. Contact Us

For any questions about this GDPR Compliance page or to exercise your rights, please contact us:

DH Consulting

Data Controller

Registration No.: 303879787


Email:

dimahasin2@gmail.com

Subject: GDPR Inquiry


Address:

Homa U'Migdal 8

Hadera, Israel


Response Time:

We aim to respond to all inquiries within 30 days.