Privacy Policy

1. Data controller

Euralto LLC, a Delaware limited liability company (file number 10575584), is the data controller for personal data collected through euralto.com. Registered office: 8 The Green, Suite B, Dover, Delaware 19901, United States. Registered agent: Northwest Registered Agent Service, Inc. Contact: privacy@euralto.com.

2. Data we collect (GDPR Art. 13)

We collect the following personal data: Email address (collected via the sign-up form). Optionally: First name (collected via the sign-up form to personalise communications). We do not collect payment card data — payment is processed directly by Stripe, Inc. under their own privacy policy.

3. Purpose and legal basis

We process your personal data for the following purposes: (a) To send you updates about the EU Inc. legislative progress and Euralto's formation service — legal basis: consent (GDPR Art. 6(1)(a)); (b) To process and manage your priority reservation deposit — legal basis: performance of a contract (GDPR Art. 6(1)(b)); (c) To comply with applicable legal obligations — legal basis: legal obligation (GDPR Art. 6(1)(c)).

4. Data processors

We use the following processors to handle your personal data: Zapier, Inc. (USA) — webhook automation and form processing; Zoho Corporation (USA/India) — email delivery via Zoho Mail; Stripe, Inc. (USA) — payment processing for the $49 deposit. Each processor is bound by data processing agreements and handles data only as instructed by Euralto.

5. International transfers

Your personal data may be transferred to and processed in the United States. Such transfers are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection for your data as required by GDPR Chapter V.

6. Data retention

We retain your email address and name for as long as you maintain a reservation or active relationship with Euralto, and for up to 3 years thereafter for legal and business record-keeping purposes. You may request deletion at any time (see Your Rights below).

7. Your rights (all 8 GDPR rights)

Under GDPR, you have the following rights regarding your personal data:

• Right of access — Request a copy of the personal data we hold about you
• Right to rectification — Request correction of inaccurate personal data
• Right to erasure — Request deletion of your personal data ("right to be forgotten")
• Right to restriction — Request that we restrict processing of your data
• Right to data portability — Receive your data in a machine-readable format
• Right to object — Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — Withdraw consent at any time without affecting prior processing
• Right not to be subject to automated decision-making — We do not use automated decision-making or profiling

To exercise any of these rights, email privacy@euralto.com. We will respond within 30 days.

8. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. If you are located in the EU, you may contact your local Data Protection Authority. A list of EU DPAs is available at edpb.europa.eu.

9. GDPR Article 27 representative

As Euralto LLC is a US entity processing EU personal data, we have appointed Data Protection Representative Limited (trading as DataRep) as our Article 27 representative for the EU/EEA.

To exercise your data subject rights, you may contact DataRep in any of the following ways:

• Email: datarequest@datarep.com — please quote "Euralto LLC" in the subject line
• Web form: www.datarep.com/data-request
• Post: to the DataRep office in your country — full address list available at www.datarep.com/data-request

Please ensure all postal correspondence is addressed to 'DataRep' and not 'Euralto LLC', otherwise it may not reach us. DataRep has locations in all 27 EU member states plus Norway and Iceland.

10. Texas Data Privacy and Security Act (TDPSA)

For Texas residents: Euralto LLC complies with the Texas Data Privacy and Security Act. You have the right to access, correct, delete, and opt out of the sale or sharing of your personal data. We do not sell personal data. To exercise your TDPSA rights, contact privacy@euralto.com.

11. Cookies

Euralto.com does not use tracking cookies, analytics cookies, or advertising cookies. We do not use Google Analytics or any third-party tracking pixels. The only scripts loaded on our site are Google Fonts (for typography) and Zapier (for form processing). No persistent cookies are set by Euralto.

12. Children's data

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact privacy@euralto.com immediately.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data in transit is encrypted using TLS. We regularly review and update our security practices.

14. Standard Contractual Clauses

Where personal data is transferred to processors in the United States (Zapier, Zoho, Stripe), such transfers are governed by the European Commission's Standard Contractual Clauses (Module 2: Controller to Processor), ensuring adequate protection in accordance with GDPR Article 46.

15. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you by email. The current version is always available at euralto.com/privacy.

16. Contact

For all data protection and privacy enquiries: privacy@euralto.com

17. Legal email addresses

General enquiries: hello@euralto.com
Legal enquiries: legal@euralto.com
Privacy and data protection: privacy@euralto.com