Programmatic

Contact Us
Menu
Contact Us

Data Privacy & GDPR

At Programmatic LLC (“Programmatic,” “we,” “us,” or “our”), we respect individual privacy rights and are committed to handling personal data responsibly and transparently. This page explains how we align our practices with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This page should be read together with our Privacy Policy.

1. Our Commitment to GDPR Compliance

Programmatic implements technical and organizational measures designed to support GDPR principles, including:

  • Lawfulness, fairness, and transparency

  • Purpose limitation and data minimization

  • Accuracy and storage limitation

  • Integrity and confidentiality

  • Accountability

GDPR obligations are addressed through internal policies, contractual safeguards, and operational controls appropriate to the scope of services provided.

2. Roles Under GDPR

Depending on the engagement, Programmatic may act as:

  • Data Processor – when processing personal data on behalf of a client

  • Data Controller – for limited personal data related to our own business operations (e.g., marketing, recruitment, website usage)

Specific roles and responsibilities are defined in applicable agreements.

3. Lawful Bases for Processing

We process personal data under one or more lawful bases defined by GDPR, including:

  • Performance of a contract

  • Compliance with legal obligations

  • Legitimate business interests

  • Consent, where required

The applicable lawful basis depends on the nature of the data and services involved.

4. Data Subject Rights

Where GDPR applies, individuals have the following rights:

  • Right to access their personal data

  • Right to rectification of inaccurate data

  • Right to erasure (“right to be forgotten”), where applicable

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Right to withdraw consent at any time

Requests may be subject to identity verification and legal limitations.

5. Data Processing Agreements (DPAs)

For services involving the processing of personal data on behalf of clients, Programmatic enters into Data Processing Agreements (DPAs) that define:

  • Scope and purpose of processing

  • Security and confidentiality obligations

  • Sub-processor requirements

  • Assistance with data subject rights

  • Breach notification procedures

6. Security Measures

We apply reasonable and appropriate security controls to protect personal data, including:

  • Access controls and authentication mechanisms

  • Encryption of data in transit

  • Secure development and operational practices

  • Monitoring and incident response procedures

Additional details are available on our Security & Compliance page.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Programmatic relies on appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs)

  • Contractual data protection commitments

  • Other lawful transfer mechanisms recognized by GDPR

8. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or meet contractual requirements.

Retention periods vary depending on data type and service scope.

9. Sub-Processors

Programmatic may engage trusted sub-processors to support service delivery (e.g., cloud infrastructure, analytics, or communication tools). Sub-processors are subject to appropriate contractual and security obligations.

10. Personal Data Breach Response

In the event of a personal data breach, Programmatic maintains procedures to:

  • Assess and contain the incident

  • Notify affected clients without undue delay where required

  • Support regulatory notifications as applicable

11. Exercising Your Rights

To exercise GDPR rights or submit a privacy request, please contact us:

Programmatic LLC
info@programmatic.llc
https://programmatic.llc/contact/

We aim to respond to valid requests within the timeframes required by applicable law.

12. Updates to This Page

We may update this page to reflect changes in legal requirements or our data protection practices. Updates will be posted with a revised “Last Updated” date.