Terms and Conditions for GDPR Audit and Compliance Services
Last update: 21 March 2025
1. Service Scope
The service includes the following GDPR audit and compliance activities:
Data Protection Audit: Comprehensive review of data protection practices and policies.
Website Data Processing Review: Identification of personal data collection and processing activities on the client's website.
GDPR Compliance Assessment: Evaluation of compliance with GDPR requirements, including consent management, data retention, and data subject rights.
Data Protection Impact Assessment (DPIA): Analysis of high-risk data processing activities, if applicable.
Compliance Recommendations: Detailed report with findings and actionable steps for achieving GDPR compliance.
The first stage of the service is dedicated to information gathering, analysis, and reporting, including:
Initial consultation to understand the client's business and data processing activities.
Data flow mapping to document data collection, processing, and storage practices.
Preparation of the GDPR compliance report with findings and recommendations.
2. Credits Usage
Each subscription plan includes a (monthly/yearly) allocation of credits and each Single Shot Order includes a 1 time allocation of credits that are used for various tasks, such as:
Compliance reviews and updates.
Implementation of recommended changes.
Follow-up assessments to verify the implementation of corrective measures.
Additional consulting sessions for GDPR-related queries or guidance.
Automatic Credit Usage:
We will use available credits for minor interventions and follow-up tasks up to 1 hour worth of credits per task without requesting prior approval from the client. This ensures timely resolution of minor compliance issues.
For tasks that require more than 1 hour worth of credits, we will always seek client approval before proceeding.
Credit Rollover:
Unused credits roll over to the next month for a maximum of 6 months. After 6 months, any unused credits will expire.
3. Additional Work
If additional work is required beyond the scope of the regular GDPR audit services or if the audit and/or remediation and/or reporting requires more time than is allocated for the purchased service, clients may use their available credits or purchase additional credits to expedite the work.
4. Billing and Payments
The monthly or yearly subscription fee and Single Shot Orders are billed in advance and cover the GDPR audit services, as well as the (monthly/yearly/one-time) allocation of credits.
Additional credits can be purchased separately and are billed at the time of purchase.
We reserve the right to change our pricing model and/or prices and/or discounts at any moment. All pricing modifications will be communicated to those subscribed to the affected services at least 30 days before these changes take effect.
5. Cancellation Policy
Subscriptions can be cancelled at any time. Upon cancellation, the service will continue until the end of the current billing cycle (monthly or yearly), after which it will be discontinued. No refunds will be issued for unused credits or subscription fees, regardless of the cancellation date.
Single Shot Orders (non-subscription based) can be cancelled at any time. A 50% refund will be provided in case the work has not been started. No refund will be provided once the GDPR audit process has been started.
6. Limitations
CamelWeb is not responsible for compliance issues arising from third-party software, plugins, or services not directly managed by us. However, we will make reasonable efforts to provide recommendations and guidance to address such issues.
7. Acceptance of Terms
By subscribing to and/or ordering the service, clients agree to these terms and conditions.