Back to Legal

Legal

GDPR & CCPA Data Subject Request Policy

Last Updated: June 11, 2026

1. Purpose

ContentAdviser.io ("ContentAdviser," "we," "our," or "us") is committed to respecting the privacy rights of individuals and complying with applicable data protection laws, including:

  • General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA)
  • California Privacy Rights Act (CPRA)
  • Other applicable privacy and consumer protection laws

This Data Subject Request (DSR) Policy explains how individuals may exercise their privacy rights and how ContentAdviser responds to such requests.

2. Scope

This Policy applies to:

  • Website visitors
  • Customers
  • End users
  • Prospective customers
  • Individuals whose personal information is processed by ContentAdviser

This Policy does not apply where ContentAdviser acts solely as a Data Processor on behalf of a customer. In such cases, requests should be directed to the relevant customer (the Data Controller).

3. Available Privacy Rights

Depending on your jurisdiction, you may have the following rights.

Right to Know / Access

You may request:

  • Categories of personal information collected
  • Specific personal information held about you
  • Sources of information
  • Purposes for collection and processing
  • Categories of third parties with whom information is shared

Right to Correction

You may request correction of inaccurate or incomplete personal information maintained by ContentAdviser.

Right to Deletion

You may request deletion of personal information that we have collected about you, subject to legal, contractual, security, and regulatory exceptions.

Right to Data Portability

You may request a copy of your personal information in a structured, commonly used, and machine-readable format where required by law.

Right to Restrict Processing

Where applicable, you may request that ContentAdviser limit how your personal information is processed.

Right to Object

You may object to certain processing activities, including processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Where processing relies on consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal.

Right to Opt Out of Sale or Sharing

ContentAdviser does not sell personal information. If applicable under future business practices, California residents may exercise rights to opt out of the sale or sharing of personal information for cross-context behavioral advertising.

Right to Limit Use of Sensitive Personal Information

Where required by applicable law, individuals may request limitations on the use and disclosure of sensitive personal information.

Right to Non-Discrimination

ContentAdviser will not discriminate against individuals for exercising privacy rights.

4. Submitting a Request

Individuals may submit requests through the following methods:

Email: privacy@contentadviser.io

Requests should include sufficient information to allow us to verify identity and locate relevant records. Examples include:

  • Full name
  • Email address associated with the account
  • Company name (if applicable)
  • Nature of the request
  • Additional information reasonably necessary for verification

5. Identity Verification

To protect personal information from unauthorized disclosure, ContentAdviser may verify the identity of requestors before fulfilling a request.

Verification methods may include:

  • Email verification
  • Account authentication
  • Confirmation of account information
  • Additional documentation where legally permitted and reasonably necessary

If identity cannot be verified, we may deny the request or request additional information.

6. Authorized Agents

Where permitted by law, an individual may designate an authorized agent to submit a request on their behalf. ContentAdviser may require:

  • Written authorization
  • Proof of agency authority
  • Direct confirmation from the individual
  • Identity verification of both parties

7. Response Timeframes

ContentAdviser aims to respond within the following timeframes:

GDPR Requests

Within 1 month

Where requests are complex or numerous, the response period may be extended by up to two additional months. Individuals will be notified of any extension.

CCPA / CPRA Requests

Within 45 days

Confirmation of receipt within 10 business days when required. Where permitted by law, an extension of up to an additional 45 days may apply.

8. Fees

ContentAdviser generally fulfills requests free of charge. However, we may charge a reasonable administrative fee or refuse requests that are:

  • Manifestly unfounded
  • Excessive
  • Repetitive
  • Abusive

Where a fee applies, individuals will be informed before processing continues.

9. Exceptions

Certain information may be retained or exempt from disclosure, deletion, or modification where necessary to:

  • Comply with legal obligations
  • Detect or prevent fraud
  • Resolve disputes
  • Enforce agreements
  • Protect security and integrity
  • Exercise legal claims
  • Comply with regulatory requirements
  • Complete transactions requested by users

10. Requests Involving Customer Data

For information processed on behalf of customers:

  • Customers remain the Data Controllers.
  • ContentAdviser acts as a Data Processor.
  • Requests should generally be submitted directly to the relevant customer.

Where appropriate, ContentAdviser may assist customers in responding to Data Subject Requests under applicable agreements.

11. Recordkeeping

ContentAdviser maintains records of Data Subject Requests and responses to:

  • Demonstrate legal compliance
  • Improve request handling
  • Support audits and regulatory inquiries

Records are retained only as long as necessary for compliance purposes.

12. Appeals and Complaints

If you believe your request was improperly handled, you may contact:

Privacy Team

Email: privacy@contentadviser.io

Where applicable, individuals may also lodge a complaint with their local data protection authority or regulatory agency.

13. Contact Information

For questions regarding privacy rights or this Policy, contact:

Privacy Team — ContentAdviser.io

Email: privacy@contentadviser.io

14. Policy Updates

ContentAdviser may update this Policy periodically to reflect changes in legal requirements, regulatory guidance, or business practices. Updated versions will be posted on ContentAdviser.io with a revised "Last Updated" date.