Semantec SEO

GDPR Notice

Written by

Kevin Maguire

in

Effective date: [10-February-2026]

This page explains how Semantec SEO approaches personal data processing under the General Data Protection Regulation, including the rights available to individuals, the legal bases that may apply to processing, and how to make a GDPR related request. It should be read together with the privacy policy, the cookie policy, the Terms of Use, the subscription terms, the acceptable use policy, and the legal disclaimer.

1. Who this page is for

This page is for individuals in the European Economic Area, and for anyone else whose personal data is processed in a way that brings the GDPR into scope. It explains the main rights GDPR gives to individuals and how Semantec SEO handles requests relating to those rights. Under official EU guidance, organisations must provide this information in a concise, transparent, intelligible, and easily accessible way, using clear and plain language.

2. Data controller

For GDPR purposes, the data controller is:

Semantec SEO
Support@semantecseo.com

If you have questions about how your personal data is handled, you can contact us using the details above or through the contact page. Under GDPR, the controller is the organisation that determines why and how personal data is processed. (EDPB)

3. Our role and the service providers we use

Semantec SEO acts as the controller for the personal data it collects and processes in connection with the website, billing, support, and access to MIRENA. We use service providers to help operate the service, including AuthFlow.ai for authentication and account access and Stripe for payment processing and billing.

Under GDPR, controllers may use processors, but they remain responsible for choosing processors that provide sufficient guarantees for appropriate technical and organisational measures.

4. The kinds of personal data we may process

Depending on how you interact with Semantec SEO, we may process personal data such as your name, email address, company name, billing information, support communications, account details, login and session data, and the inputs you submit through MIRENA, including topics, URLs, drafts, sitemaps, source material, and related workflow inputs.

We may also process outputs generated for you, usage data, device and browser information, IP address, logs, and related technical data needed for security, analytics, diagnostics, account access, or service delivery. The GDPR requires organisations to tell individuals who is collecting data, why it is being collected, and what categories of information are involved.

5. Why we process personal data

We process personal data to operate the website, provide access to MIRENA, authenticate users, manage subscriptions, process payments, respond to support requests, maintain security, improve service reliability, and comply with legal obligations.

We may also process submitted inputs so the service can generate structured outputs such as topical maps, briefs, audits, internal-link recommendations, and related workflow assets. Those uses should also be read alongside the privacy policy, the acceptable use policy, and the cookie policy.

6. Legal bases we may rely on

Where GDPR applies, we process personal data on one or more lawful bases recognised by the Regulation. Depending on the context, these may include:

  • Contract – where processing is necessary to provide the website, your account, paid access, or related services
  • Legitimate interests – where processing is necessary for security, fraud prevention, diagnostics, support, service administration, or product improvement
  • Legal obligation – where processing is necessary to comply with tax, accounting, regulatory, or enforcement obligations
  • Consent – where consent is required, including for certain cookie or marketing activities

Official EU guidance states that where consent is used, it must be freely given, specific, informed, and unambiguous, and expressed through a clear affirmative action.

7. GDPR principles we aim to follow

Where GDPR applies, Semantec SEO aims to process personal data in line with core GDPR principles. That means personal data should be processed lawfully, fairly, and transparently; collected for specified purposes; limited to what is necessary; kept accurate; retained only as long as needed; and protected through appropriate security. Official EU guidance also states that data should be stored for the shortest time possible, taking into account the reason it is processed and any legal obligations that require retention for a fixed period.

8. Your rights under GDPR

GDPR gives individuals a set of core rights over their personal data. Official EU and EDPB guidance identifies these rights as including the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to object, and the right not to be subject to a decision based solely on automated processing in certain circumstances.

Right to be informed

You have the right to receive clear information about how your personal data is collected and used. That is one reason we provide this page together with the privacy policy and the cookie policy.

Right of access

You can ask whether we process your personal data and, where we do, request access to it together with related information about that processing. Official EDPB guidance confirms that organisations should respond without undue delay and at the latest within one month after receiving a valid request, subject to limited extensions in more complex cases.

Right to rectification

You can ask us to correct inaccurate personal data and to complete incomplete personal data where appropriate.

Right to erasure

You can ask for the deletion of personal data in certain circumstances. This right is not absolute, and there may be situations where Semantec SEO must retain data for legal, security, billing, or dispute-related reasons. Official EDPB guidance also confirms that erasure requests should be handled without undue delay and generally within one month, subject to limited extension in complex cases.

Right to restriction of processing

You can ask us to restrict the processing of your personal data in certain circumstances, such as while a dispute about accuracy or lawfulness is being resolved. (European Data Protection Supervisor)

Right to data portability

Where GDPR gives you this right, you can request certain personal data in a structured, commonly used, and machine readable format, or ask for it to be transmitted to another controller where technically feasible.

Right to object

You can object to certain processing, including processing based on legitimate interests in situations where GDPR gives you that right.

Rights relating to automated decision making

GDPR also recognises a right not to be subject to a decision based solely on automated processing, including profiling, in certain circumstances. If Semantec SEO relies on automated decision making in a way that triggers this part of GDPR, the relevant details should also be stated in the privacy policy.

9. How to exercise your rights

To make a GDPR related request, contact us using privacy@semantecseo.com or the contact page. To protect personal data, we may need to verify your identity before acting on certain requests.

Official EU and EDPB guidance states that organisations should respond without undue delay and at the latest within one month after receiving a request. That deadline can be extended by up to two further months where the request is complex or numerous, provided the individual is informed within the first month.

10. Cookies, consent, and GDPR

Where GDPR and related EU ePrivacy rules require it, Semantec SEO will seek consent before using non-essential cookies or similar technologies. Official EU guidance states that consent-based cookies cannot be set on first load before the required consent has been obtained, while some strictly necessary or authentication-related cookies may not require consent because they are needed for site or service functionality.

For more detail, read the cookie policy and the privacy policy. Authentication-related technologies may also be used by AuthFlow.ai to maintain account access, while payment related technologies may be used by Stripe during subscription or checkout flows.

11. International transfers

Your personal data may be processed in countries other than the country in which you are located. Where GDPR applies and international transfers take place, Semantec SEO should use an appropriate lawful transfer mechanism and suitable safeguards.

12. Retention

GDPR requires organisations not to keep personal data longer than necessary for the purposes for which it is processed. Official EU guidance says data should be stored for the shortest time possible, taking into account both the reason for processing and any legal obligations that require longer retention.

13. Data Protection Officer and representative

Kevin Maguire
support@semantecseo.com

Official EU guidance states that a DPO is required in certain cases, including where core activities involve large scale processing of sensitive data or large scale, regular, and systematic monitoring of individuals. 

14. Complaints to a supervisory authority

If you believe your personal data has been handled in a way that does not comply with GDPR, you have the right to lodge a complaint with a competent supervisory authority. Official EU guidance states that individuals can contact the controller directly and, where relevant, the Data Protection Officer, and also have the right to complain to the appropriate supervisory authority.

15. Changes to this page

Semantec SEO may update this GDPR page from time to time to reflect changes to the service, data practices, legal obligations, or provider relationships. When this page is updated, the effective date at the top will also be updated. Relevant updates may also be reflected in the product changelog or on related legal pages.

16. Related pages

For the wider privacy and legal framework, read the privacy policy, the cookie policy, the Terms of Use, the subscription terms, the acceptable use policy, and the legal disclaimer. For product context, see what MIRENA does, current pricing, the inputs guide, and the outputs guide.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts