Skip to main content

GDPR Compliance

Last updated: November 14, 2025

Our Commitment to GDPR & Data Act

BrainPredict OÜ is committed to protecting your personal data and respecting your privacy rights under GDPR across all 16 platforms (Commerce, Supply, People, Sales, Marketing, Legal, Risk, Finance, Innovation, Controlling, Communications, Data, Strategy, Sourcing, Operations, Customer). We comply with the General Data Protection Regulation (GDPR) and the EU Data Act (Regulation 2023/2854, effective September 12, 2025). This page outlines how we comply with GDPR and Data Act requirements across all our AI-powered platforms including BrainPredict Commerce (e-commerce intelligence with 20 AI models), BrainPredict Supply (supply chain intelligence with 22 AI models), BrainPredict People (HR intelligence with 27 AI models), BrainPredict Sales (sales & revenue intelligence with 26 AI models), BrainPredict Marketing (marketing intelligence with 26 AI models), BrainPredict Legal (legal intelligence with 31 AI models), BrainPredict Risk (enterprise risk intelligence with 25 AI models), BrainPredict Finance (financial intelligence with 35 AI models), BrainPredict Innovation (innovation intelligence with 28 AI models), BrainPredict Controlling (controlling intelligence with 32 AI models), BrainPredict Communications (communications intelligence with 30 AI models), BrainPredict Data (data quality & AI readiness intelligence with 29 AI models), BrainPredict Strategy (strategic intelligence with 28 AI models), BrainPredict Sourcing (procurement intelligence with 26 AI models), BrainPredict Operations (manufacturing intelligence with 32 AI models), and BrainPredict Customer (customer service intelligence with 29 AI models).

Compliance Status: 100% GDPR compliant, 95% EU Data Act compliant.

📄 Comprehensive Compliance Documentation: For detailed GDPR, CCPA, HIPAA, SOC 2, ISO 27001, FDA 21 CFR Part 11, and EU Data Act compliance evidence including article-by-article implementation, data subject rights procedures, and audit checklists, visit our Compliance Documentation Portal.

Your Rights Under GDPR

  • Right to Access: You can request access to your personal data
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data
  • Right to Restrict Processing: You can request limitation of data processing
  • Right to Data Portability: You can request transfer of your data
  • Right to Object: You can object to certain data processing
  • Right to Withdraw Consent: You can withdraw consent at any time

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Regular security audits and assessments
  • Access controls and authentication
  • Data minimization principles
  • Regular staff training on data protection

Data Processing

We process personal data only when we have a lawful basis:

  • Consent: You have given clear consent
  • Contract: Processing is necessary for a contract
  • Legal obligation: Processing is required by law
  • Legitimate interests: Processing is necessary for our legitimate interests

International Data Transfers

When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

EU Data Act Compliance

BrainPredict OÜ is 95% compliant with the EU Data Act (Regulation 2023/2854), which becomes effective on September 12, 2025. The Data Act ensures fair access to and use of data, promoting data portability and interoperability.

Data Portability (Chapter II)

You have the right to export all your data in machine-readable formats (JSON, CSV, XML) at any time, free of charge. Use our Data Portability API to export your complete data including AI models, predictions, analytics, and audit logs.

Interoperability (Chapter VIII)

We provide comprehensive API specifications (OpenAPI 3.0), data schemas (JSON Schema), and integration documentation to ensure seamless interoperability with other systems and providers.

Switching Provider Rights (Chapter VI)

You have the right to switch to another provider at any time. We provide full data export capabilities with no lock-in, no switching fees, and comprehensive migration support.

Contact Our Data Protection Officer

For any questions about GDPR compliance or to exercise your rights:

BrainPredict OÜ

Registry Code: 17352111

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Jõe tn 3-314, 10151, Estonia

Phone: +372 6630414

Email: privacy@brainpredict.ai