Data Controller
MR Digital Services (MR Digital Services)
We act as the Data Controller for all personal data processed through Billing Notifications subscription management services. This means we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with the GDPR.
- Company: MR Digital Services (MR Digital Services)
- Location: Morocco
- Data Protection Officer (DPO): privacy@billing-notify.com
Your 8 Data Subject Rights
Under Articles 12–22 of the GDPR, you are entitled to the following rights regarding your personal data. Each right is described below with a practical explanation of how it applies to our services.
1. Right to Be Informed (Articles 13 & 14)
You have the right to be informed about how we collect and use your personal data. This includes knowing what data we collect, why we collect it, how long we retain it, and who we share it with. We fulfill this obligation through our Privacy Policy, this GDPR page, and any notices provided at the point of data collection. We will always communicate this information in clear, plain language.
2. Right of Access (Article 15)
You have the right to request a copy of all personal data we hold about you, commonly known as a Subject Access Request (SAR). Upon request, we will provide you with a copy of your data in a commonly used electronic format, along with information about how it is being processed, the categories of data involved, any recipients it has been shared with, and the retention period. This service is provided free of charge for reasonable requests.
3. Right to Rectification (Article 16)
You have the right to request correction of any inaccurate personal data we hold about you, or to have incomplete data completed. If we have shared the data in question with third parties, we will inform them of the rectification where possible. You can update most account information directly through your account settings, or contact us for corrections to data not directly editable.
4. Right to Erasure / Right to Be Forgotten (Article 17)
You have the right to request deletion of your personal data when it is no longer necessary for the purpose it was collected, when you withdraw consent, when you object to processing and there are no overriding legitimate grounds, or when the data was unlawfully processed. Please note that we may need to retain certain data for legal compliance (e.g., tax records, fraud prevention) even after an erasure request, but we will inform you of any such exceptions.
5. Right to Restriction of Processing (Article 18)
You have the right to request that we restrict (pause) the processing of your personal data in certain circumstances: when you contest the accuracy of the data (while we verify it), when processing is unlawful but you prefer restriction over erasure, when we no longer need the data but you need it for legal claims, or when you have objected to processing (while we verify legitimate grounds). During restriction, we will store your data but not actively process it.
6. Right to Data Portability (Article 20)
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (such as JSON or CSV). You also have the right to request that we transmit this data directly to another service provider where technically feasible. This right applies to data processed based on your consent or contractual necessity and carried out by automated means.
7. Right to Object (Article 21)
You have the right to object to the processing of your personal data where we rely on legitimate interests or public interest as our legal basis. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your rights. You also have an absolute right to object to processing for direct marketing purposes at any time, and we will stop such processing immediately upon request.
8. Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on you. If we ever implement automated decision-making, you will have the right to obtain human intervention, express your point of view, and contest the decision. Currently, Billing Notifications does not make any solely automated decisions that significantly affect our users.
How to Submit a Request
You can exercise any of the rights described above by submitting a Subject Access Request (SAR) or data rights request through one of the following methods:
By Email
Send your request to our Data Protection Officer:
Include your full name, the email address associated with your account, and a description of which right(s) you wish to exercise.
By Other Support Methods
You can also submit requests through our other support methods:
Please reference "GDPR Data Request" in your message subject or opening line.
Identity Verification
To protect your data from unauthorized access, we may need to verify your identity before processing your request. We will ask for the minimum information necessary to confirm your identity, typically your account email address and one additional piece of identifying information.
Response Commitment
All responses will be provided free of charge. In exceptional cases involving manifestly unfounded or excessive requests (particularly if repetitive), we may charge a reasonable administrative fee or refuse the request, but we will always explain our reasoning.
Supervisory Authority
If you are unsatisfied with our response to your data rights request, or if you believe that we are processing your personal data in a way that violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
European Data Protection Authorities
A directory of EU/EEA Data Protection Authorities is maintained by the European Data Protection Board (EDPB):
- EDPB: https://edpb.europa.eu/about-edpb/about-edpb/members_en
- CNIL (France): www.cnil.fr
- ICO (United Kingdom): ico.org.uk
- BfDI (Germany): www.bfdi.bund.de
We encourage you to contact us first at privacy@billing-notify.com so we can attempt to resolve your concern directly.
Legal Basis for Processing
We process personal data under one or more of the following legal bases:
- Contractual Necessity (Article 6(1)(b)): Processing necessary to perform our subscription management services as agreed with you.
- Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, security, and service improvement, balanced against your rights.
- Consent (Article 6(1)(a)): Where you have given explicit consent for specific processing activities (e.g., marketing communications).
- Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable laws and regulations.
International Data Transfers
When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.
Related Policies
- Privacy Policy — Full details on data collection, use, and retention
- Terms of Service — Your agreement with Billing Notifications
- Cookie Policy — How we use cookies
- Security Practices — How we protect your data