Data Protection

Global Watch is committed to protecting your privacy and ensuring compliance with global data protection regulations. This document outlines our data protection practices, your rights, and how we handle personal data.

Privacy Principles

Global Watch adheres to core privacy principles:

Data Minimization

We collect only the data necessary for providing our services:

  • Essential Data: Information required for account functionality
  • Optional Data: Additional data you choose to provide
  • No Unnecessary Collection: We don't collect data we don't need

Purpose Limitation

Data is used only for specified purposes:

  • Service Delivery: Providing forest management features
  • Account Management: Managing your account and subscription
  • Communication: Sending necessary notifications
  • Improvement: Enhancing our services (with consent)

Transparency

We're transparent about our data practices:

  • Clear Policies: Easy-to-understand privacy documentation
  • Data Access: You can view all data we hold about you
  • Change Notification: We notify you of policy changes

GDPR Compliance

Global Watch complies with the EU General Data Protection Regulation (GDPR).

We process personal data under these legal bases:

| Legal Basis | Use Case |
|---|---|
| Contract | Providing services you've subscribed to |
| Legitimate Interest | Security, fraud prevention, service improvement |
| Consent | Marketing communications, analytics |
| Legal Obligation | Tax records, legal compliance |

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Restrict

Request limitation of processing in certain circumstances.

Exercising Your Rights

To exercise your data protection rights:

  1. In-App: Navigate to Settings > Privacy > Data Rights
  2. Email: Contact privacy@global.watch
  3. Response Time: Within 30 days (as required by GDPR)

LGPD Compliance

Global Watch also complies with Brazil's Lei Geral de Proteção de Dados (LGPD).

LGPD Rights

Brazilian users have additional rights under LGPD:

  • Confirmation: Confirm whether we process your data
  • Access: Access your personal data
  • Correction: Correct incomplete or inaccurate data
  • Anonymization: Request anonymization of unnecessary data
  • Portability: Transfer data to another service provider
  • Deletion: Delete data processed with consent
  • Information: Know about sharing with third parties
  • Revocation: Revoke consent at any time

PDPL Compliance (UAE)

Global Watch complies with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).

PDPL Rights

UAE users have the following rights:

  • Access: Request access to personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of data
  • Restriction: Limit processing in certain cases
  • Portability: Receive data in machine-readable format
  • Object: Object to processing based on legitimate interests

Response Time SLA

| Regulation | Required Response | Our SLA |
|---|---|---|
| GDPR | 1 month (extendable to 3) | 15 days |
| LGPD | 15 days | 15 days |
| PDPL | 30 days (extendable to 60) | 15 days |

Global Watch responds to all data subject requests within 15 days, meeting the strictest regulatory requirement.

Data We Collect

Account Data

Information provided during registration:

| Data Type | Purpose | Retention |
|---|---|---|
| Email address | Account identification, communication | Account lifetime |
| Name | Personalization, identification | Account lifetime |
| Password (hashed) | Authentication | Account lifetime |
| Profile photo | Personalization | Until removed |

Usage Data

Information collected during service use:

| Data Type | Purpose | Retention |
|---|---|---|
| Login history | Security, audit | 90 days |
| Feature usage | Service improvement | Aggregated only |
| Error logs | Debugging, support | 30 days |
| API requests | Rate limiting, billing | 90 days |

Project Data

Information you create in Global Watch:

| Data Type | Purpose | Retention |
|---|---|---|
| Project details | Service functionality | Until deleted |
| Geospatial data | Map features, area calculation | Until deleted |
| Asset information | Asset tracking | Until deleted |
| Documents | Document management | Until deleted |

Technical Data

Automatically collected technical information:

| Data Type | Purpose | Retention |
|---|---|---|
| IP address | Security, geolocation | 30 days |
| Browser type | Compatibility, debugging | 30 days |
| Device information | Mobile app functionality | 30 days |
| Cookies | Session management, preferences | Varies |

Data Processing

Sub-Processors

We use trusted sub-processors for specific functions:

| Provider | Purpose | Location | DPA |
|---|---|---|---|
| Cloud Provider | Infrastructure hosting | US/EU | |
| Email Service | Transactional emails | US | |
| Payment Processor | Billing and payments | US | |
| Analytics | Usage analytics | EU | |

All sub-processors are bound by Data Processing Agreements (DPAs) that ensure GDPR-compliant data handling.

International Transfers

When data is transferred outside the EU/EEA:

  • Standard Contractual Clauses: EU-approved transfer mechanisms
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Supplementary Measures: Additional safeguards where required

Data Security

Technical Measures

Security measures protecting your data:

  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Access Control: Role-based access, principle of least privilege
  • Monitoring: 24/7 security monitoring and alerting
  • Backups: Encrypted backups with tested recovery

Organizational Measures

Policies and procedures for data protection:

  • Training: Regular privacy and security training
  • Access Reviews: Periodic access permission reviews
  • Incident Response: Documented breach response procedures
  • Vendor Management: Due diligence on all vendors

Data Retention

Retention Periods

Data is retained only as long as necessary:

| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Account lifetime + 30 days | Contract |
| Project data | Until deleted by user | Contract |
| Audit logs | 2 years | Legitimate interest |
| Billing records | 7 years | Legal obligation |
| Support tickets | 3 years | Legitimate interest |

Data Deletion

When you delete your account:

  1. Immediate: Account access revoked
  2. 30 Days: Personal data deleted from active systems
  3. 90 Days: Data removed from backups
  4. Retained: Anonymized data for analytics, legal records

Cookies & Tracking

Global Watch uses the following cookies:

| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security | Session |
| Functional | Preferences, settings | 1 year |
| Analytics | Usage statistics (with consent) | 1 year |

You can manage cookies through:

  • Browser Settings: Block or delete cookies
  • Cookie Banner: Accept or reject non-essential cookies
  • Account Settings: Manage tracking preferences

Do Not Track

Global Watch respects Do Not Track (DNT) browser signals.

Children's Privacy

Global Watch is not intended for children under 16:

  • Age Requirement: Users must be 16 or older
  • No Intentional Collection: We don't knowingly collect children's data
  • Deletion: Children's data will be deleted upon discovery

Privacy by Design

Global Watch implements privacy by design principles:

Default Privacy

  • Minimal Collection: Only essential data collected by default
  • Private by Default: New projects are private by default
  • Opt-In Features: Optional features require explicit consent

Privacy Features

Built-in privacy controls:

  • Data Export: Export all your data anytime
  • Account Deletion: Self-service account deletion
  • Consent Management: Granular consent controls
  • Activity Visibility: Control who sees your activity

Data Breach Notification

In the event of a data breach:

Notification Timeline

| Recipient | Timeline | Method |
|---|---|---|
| Supervisory Authority | Within 72 hours | Official notification |
| Affected Users | Without undue delay | Email notification |
| Public | If required | Website notice |

Breach Response

Our breach response includes:

  1. Containment: Immediate threat containment
  2. Assessment: Impact and scope evaluation
  3. Notification: Timely stakeholder notification
  4. Remediation: Addressing the root cause
  5. Review: Post-incident improvement

Contact Information

Data Protection Officer

For privacy inquiries:

Privacy Team

For general privacy questions:

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

Policy Updates

This policy may be updated periodically:

  • Notification: Email notification for material changes
  • Review: We recommend reviewing this policy regularly
  • Effective Date: Changes effective 30 days after notification

Last Updated: January 2025
