GDPR Compliance

Carevolve is a data controller under the EU General Data Protection Regulation (GDPR). This page explains your rights and how to exercise them.

1. Your rights

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate data.
• Erasure: request deletion of your account and personal data.
• Restriction: ask us to limit how we process your data.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: for any processing that relies on your consent.

2. How to exercise your rights

Most rights can be exercised directly from your account settings (export, delete). For anything else, email privacy@carevolve.online. We respond within 30 days.

3. Lawful bases for processing

• Contract: to deliver the service you signed up for.
• Legitimate interests: product improvement, fraud prevention, security.
• Consent: marketing communications, optional analytics.
• Legal obligation: tax, accounting and regulatory requirements.

4. International transfers

Some sub-processors are located outside the EEA. Where this is the case, transfers are protected by Standard Contractual Clauses approved by the European Commission.

5. Data Protection Officer

You can reach our DPO at dpo@carevolve.online.

6. Supervisory authority

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.