GDPR Compliance

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. At www.bmi-calculator.co, we are committed to protecting your personal data and respecting your privacy rights in accordance with GDPR requirements.

This page explains how we comply with GDPR regulations and what rights you have regarding your personal data when using our BMI calculator and website services.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you voluntarily provide information to use our BMI calculator
• Legitimate Interest: To improve our services and website functionality
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interest: To protect health and safety when providing health-related information

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

Data Protection Measures

We implement appropriate technical and organizational measures to ensure the security of your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Staff training on data protection principles
• Incident response procedures
• Regular backups and disaster recovery plans

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• BMI Calculator Data: Not stored on our servers (processed locally)
• Contact Form Data: Retained for 2 years for customer service purposes
• Analytics Data: Anonymized and retained for 26 months
• Cookie Data: Varies by cookie type (see our Cookie Policy)

International Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with adequate data protection levels
• Binding Corporate Rules (BCRs) where applicable
• Your explicit consent for specific transfers

Data Breach Notification

In the event of a data breach that may result in a high risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Provide clear information about the nature of the breach
• Explain the likely consequences and measures taken
• Recommend steps you can take to protect yourself

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following information:

We will respond to your request within one month. In some cases, we may extend this period by two additional months if the request is complex or we receive multiple requests.

Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your local authority through the European Data Protection Board website.

Updates to This Policy

We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through our website or by email if we have your contact information.

Last updated: 7/12/2025