GDPR Compliance

Your data, your rights. Stak is fully committed to GDPR and Swiss nFADP compliance.

Your Rights Under GDPR

Right to Access (Art. 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Art. 16)

Correct inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Art. 18)

Limit how we process your data in certain situations.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format (CSV/JSON).

Right to Object (Art. 21)

Object to processing based on legitimate interest or for direct marketing.

Right to Withdraw Consent

Withdraw consent for processing at any time, without affecting prior processing.

Right to Lodge Complaint

File a complaint with your local data protection authority.

Data Export

You can export all your data at any time using the platform's built-in export functionality. Supported formats include CSV and Excel. Full data exports are available for all collections: deals, investors, investments, commissions, and documents.

For a comprehensive data access request (including metadata, audit logs, and all personal data), email us at mail@stak.pe with the subject "GDPR Data Access Request". We will respond within 30 days.

Account Deletion

To request account deletion:

  1. Export any data you wish to keep using the platform's export feature
  2. Email mail@stak.pe with subject "Account Deletion Request"
  3. We will confirm receipt and process your request within 30 days
  4. Your data will be retained for 30 days after deletion to allow recovery
  5. After 90 days, all data including backups is permanently purged

This action is irreversible after the 30-day recovery period.

Data Processing Agreement

A Data Processing Agreement (DPA) incorporating Standard Contractual Clauses (SCCs) is available for all customers. The DPA covers data processor obligations, sub-processor management, security measures, and international data transfer safeguards.

Download or review the DPA at /legal/dpa or request a signed copy by emailing mail@stak.pe.

How to Exercise Your Rights

Send your request to mail@stak.pe with the subject line "GDPR Data Request: [Type]" (e.g., Access, Deletion, Portability).

Include:

  • The email address associated with your Stak account
  • A clear description of your request
  • Any relevant context or identifiers

We will acknowledge your request within 5 business days and complete it within 30 calendar days, as required by GDPR and nFADP.

Compliance Status

Stak is fully GDPR and Swiss nFADP compliant. We maintain an active data protection program with regular reviews, up-to-date processing records, and ongoing security assessments. For additional security details, visit our Security Trust Center.