Site Monitering is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines how we comply with GDPR requirements and explains your rights as a data subject.
1. Our Role Under GDPR
Under the GDPR, Site Monitering acts as:
- Data Controller: For your account data, billing information, and usage analytics. We determine the purposes and means of processing this data.
- Data Processor: For the website monitoring data (URLs, response times, uptime records) you configure through the Service. You determine what websites to monitor, and we process the resulting data on your behalf to provide the Service.
2. Lawful Bases for Processing
We process personal data under the following lawful bases as defined by GDPR Article 6:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the monitoring service you signed up for — account management, executing health checks, delivering alerts, and displaying analytics.
- Legitimate Interest (Art. 6(1)(f)): Processing for security purposes (fraud prevention, abuse detection), service improvement based on aggregate usage patterns, and essential operational communications.
- Consent (Art. 6(1)(a)): Marketing communications and non-essential analytics cookies. You can withdraw consent at any time.
- Legal Obligation (Art. 6(1)(c)): Retaining billing records as required by tax and accounting regulations.
3. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
Right of Access (Art. 15)
You can request a copy of all personal data we hold about you. We will provide this in a structured, commonly used, machine-readable format within 30 days.
Right to Rectification (Art. 16)
You can request correction of inaccurate personal data. You can update most information directly through your account settings.
Right to Erasure (Art. 17)
You can request deletion of your personal data. When you delete your account, we remove your data within 30 days, except where retention is legally required.
Right to Restriction (Art. 18)
You can request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of contested data.
Right to Data Portability (Art. 20)
You can request your data in a structured, commonly used format (JSON/CSV) and have it transferred to another service provider where technically feasible.
Right to Object (Art. 21)
You can object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
4. Data Protection Measures
We implement appropriate technical and organizational measures to ensure data security as required by GDPR Article 32:
- Encryption: All data in transit is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256.
- Access Controls: Strict role-based access controls limit who can access personal data within our organization.
- Password Security: User passwords are hashed using bcrypt with salt — we never store plaintext passwords.
- Monitoring: We monitor our systems for security incidents and maintain audit logs of data access.
- Vendor Assessment: Third-party processors (payment providers, cloud infrastructure) are assessed for GDPR compliance before engagement.
- Data Minimization: We collect only the data necessary to provide the Service and do not process data beyond its stated purpose.
5. International Data Transfers
Our infrastructure may process data in regions outside the EU/EEA. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where applicable, and the selection of processors that maintain certifications and compliance frameworks (SOC 2, ISO 27001).
6. Data Breach Notification
In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to individuals, we will also notify affected data subjects directly (Article 34).
7. Data Protection Officer
For any GDPR-related inquiries, data subject access requests, or concerns about our data processing practices, please contact our data protection team:
Email: dpo@sitemonitoring.com
Response Time: We aim to respond to all data subject requests within 30 days.
8. Supervisory Authority
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities can be found on the European Data Protection Board website.
9. Related Policies
For more information about our data practices, please review:
- Privacy Policy — Full details on data collection, use, and sharing.
- Cookie Policy — Information about cookies and tracking technologies.
- Terms of Service — General terms governing use of the Service.