Preeley
HomeLegal CenterCreate Workspace

Legal & compliance

GDPR Data Rights

How Preeley supports data subject rights requests and GDPR-aligned handling for individuals in the EEA, UK, and similar jurisdictions.

Last updated April 10, 2026Preeley Inc.Privacy-first documentation

This page explains how Preeley approaches controller and processor responsibilities, lawful bases, international transfers, and rights requests for individuals covered by the GDPR or similar privacy laws.

Controller, processor, and lawful bases

For customer-sponsored platform activity, Preeley often acts as a processor on behalf of the employer customer, while the employer acts as the primary controller for the employment-related data it chooses to submit or collect through the service.

For our own operational activities, such as running the website, handling sales inquiries, providing support, and administering contracts, Preeley may act as an independent controller.

  • Contract performance for delivering the requested services.
  • Legitimate interests in securing, supporting, and improving the platform.
  • Legal obligations where records or disclosures are required by law.
  • Consent where specifically requested for optional communications or features.

Categories of information covered

Rights requests may relate to identity and account details, support communications, website analytics, and customer-platform records associated with an identified individual.

If a request concerns data controlled primarily by an employer customer, we may redirect or coordinate the response with that employer.

International transfers

Preeley may process or store information outside the EEA or UK. When cross-border transfers occur, we rely on appropriate safeguards such as contractual protections, access controls, and vendor diligence processes.

Additional transfer details may be provided in a customer agreement, data processing addendum, or individual request response where required.

Your GDPR rights

Subject to applicable law and verification, you may have the right to access, correct, erase, restrict, object to, or request portability of your personal information.

You may also have the right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restrict processing.
  • Right to object.
  • Right to data portability.

Verification and response timelines

Preeley may request additional information to verify identity, confirm authorization, or understand the scope of the request before responding.

We aim to respond within one month of receiving a verified request, although that period may be extended where permitted by law due to request complexity or volume.

Complaints and contact

Questions about GDPR handling may be sent to privacy@preeley.app.

If you believe your rights have not been handled appropriately, you may also lodge a complaint with your local supervisory authority.

Rights request

Submit a GDPR rights request

Use this form to request access, correction, or deletion. We may need to verify your identity or route your request through your employer when they are the primary controller.

Preeley uses this information only to review and respond to your legal request. We may contact you to verify identity, confirm your authority, or clarify the scope of the request before taking action.