GDPR Compliance
We respect your privacy and are committed to protecting your personal data. This page explains how Grad Incubator aligns with GDPR principles and how you can exercise your rights.
Last updated: Feb 10, 2026
Our approach to data protection
We process personal data in line with GDPR principles such as lawfulness, fairness, transparency, data minimization, accuracy, storage limitation, integrity, and confidentiality.
Why we process data
- Consent (e.g., optional newsletters).
- Contract (e.g., delivering services you request).
- Legitimate interests (e.g., improving the platform, security).
- Legal obligations where applicable.
How long we keep data
We retain personal data only as long as needed for the purposes described, including providing the service, meeting legal requirements, resolving disputes, and enforcing our agreements. When data is no longer needed, we delete or anonymize it.
What you can request under GDPR
- Access to your personal data.
- Rectification of inaccurate data.
- Erasure ("right to be forgotten") where applicable.
- Restriction of processing in certain cases.
- Data portability for data you provided to us.
- Objection to processing based on legitimate interests.
- Withdraw consent at any time (where processing is based on consent).
- Lodge a complaint with a supervisory authority.
Request steps
Verify identity
To protect your data, we may ask for additional information to verify you.
We respond
We aim to respond within a reasonable timeframe and provide updates if more time is needed.
How we protect data
We use reasonable technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
If data is transferred internationally, we take steps intended to ensure an adequate level of protection consistent with GDPR requirements.