GDPR Compliance Policy

Last Updated: March 12, 2025

1. Introduction

This GDPR Compliance Policy explains how Ground Zero Plus (“we,” “our,” or “us”) complies with the European Union’s General Data Protection Regulation (GDPR) and outlines the rights of EU data subjects. This policy supplements our Privacy Policy and applies specifically to individuals located in the European Economic Area (EEA).

2. Data Controller Information

Ground Zero Plus is the Data Controller for personal data collected through our website (https://groundzeroplus.com) and membership services. You can contact us regarding GDPR matters at:
Email: [email protected] Address: Fl;at 4 Westholme, Middle Warberry Road, Torquay UK, TQ11RS

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

3.1 Contractual Necessity

  • To provide membership services you have subscribed to
  • To process payments through our payment processor, Stripe
  • To manage your account through MemberPress

3.2 Legitimate Interests

  • To improve our services and website functionality
  • To protect the security of our platform
  • To communicate important account information

3.3 Consent

  • To send marketing communications
  • To use certain types of cookies
  • To process certain types of personal data beyond what’s necessary for our services

3.4 Legal Obligation

  • To comply with legal requirements
  • For tax and accounting purposes

4. Your Rights Under GDPR

As an EEA resident, you have the following rights regarding your personal data:

4.1 Right to Access

You have the right to request copies of your personal data. We will provide this information within 30 days of your request.

4.2 Right to Rectification

You have the right to request that we correct any inaccurate information or complete any incomplete information we hold about you.

4.3 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data when:
  • The personal data is no longer necessary for the purposes for which it was collected
  • You withdraw consent on which the processing is based
  • You object to the processing and there are no overriding legitimate grounds
  • The personal data has been unlawfully processed
  • The personal data must be erased for compliance with a legal obligation

4.4 Right to Restriction of Processing

You have the right to request restriction of processing when:
  • You contest the accuracy of your personal data
  • The processing is unlawful, but you oppose erasure
  • We no longer need the personal data, but you require it for legal claims
  • You have objected to processing pending verification of legitimate grounds

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.

4.6 Right to Object

You have the right to object to the processing of your personal data when:
  • Processing is based on legitimate interests or public interest
  • Processing is for direct marketing purposes
  • Processing is for scientific/historical research or statistical purposes

4.7 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.

5. How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] with the subject line “GDPR Request.” We will respond to your request within 30 days. We may ask for additional information to verify your identity before processing your request.

6. Data Processing by Third Parties

6.1 MemberPress
We use MemberPress to manage our subscription services. MemberPress processes data in accordance with GDPR requirements. For more information, please review MemberPress’s privacy policy.
6.2 Stripe
We use Stripe for payment processing. Stripe acts as a data processor and complies with GDPR requirements. For more information, please review Stripe’s privacy policy.

7. International Data Transfers

Your personal data may be transferred to countries outside the EEA. When transferring data outside the EEA, we ensure that:
  • The transfer is to a country recognized by the European Commission as providing adequate protection, or
  • Appropriate safeguards such as Standard Contractual Clauses are in place, or
  • Derogations for specific situations as set out in Article 49 of the GDPR apply

8. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:
  • Notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach
  • Communicate the breach to you without undue delay if the breach is likely to result in a high risk to your rights and freedoms

9. Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or where processing is likely to result in a high risk to your rights and freedoms.

10. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who can be contacted at [email protected].

11. Lodging a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

12. Changes to This Policy

We may update this GDPR Compliance Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last Updated” date.