Privacy Policy

Last Updated: April 7, 2026

BDR Fiduciary Audit LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our EUDR Compliance & Geolocation Audit services.

1. Information We Collect

1.1 Personal Information

When you submit a compliance audit request, we may collect:

• Business contact information (name, company name, email address, phone number)
• Company registration details
• Geolocation data related to land plots and commodity sourcing locations
• Documentation uploaded for EUDR compliance verification

1.2 Technical Data

We automatically collect certain technical information when you visit our portal:

• IP address and device information
• Browser type and version
• Pages visited and time spent on our portal
• Referring website or application

2. Purpose of Data Processing

We process your data solely for the following purposes:

• Providing institutional-grade EUDR compliance audit services
• Geolocation data sanitization and verification for TRACES NT submissions
• Generating compliance documentation and audit reports
• Communicating regarding your audit status and requirements
• Improving our forensic data audit methodologies

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual Necessity: Processing required to fulfill our audit service contract with you
• Legitimate Interests: Improving our services and ensuring compliance with EUDR regulations
• Legal Obligations: Compliance with applicable EU and US regulatory requirements

4. Data Retention

We retain your personal data for the period necessary to fulfill the purposes outlined in this policy, typically:

• Audit documentation: 7 years following audit completion
• Geolocation data: 5 years following TRACES submission
• Communication records: 3 years following last contact

5. Data Security

We implement industry-standard security measures including:

• 256-bit SSL/TLS encryption for all data transmissions
• Secure cloud infrastructure with access controls
• Regular security assessments and penetration testing
• Staff training on data protection and confidentiality

6. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restriction: Request limitation of data processing
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interests

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain session security
• Analyze portal usage patterns
• Remember your preferences

You may control cookie preferences through your browser settings.

8. Third-Party Disclosures

We do not sell your personal data. We may share data with:

• EU regulatory authorities as required by law
• Service providers (hosting, analytics) under strict data processing agreements
• Professional advisors under professional secrecy obligations

9. International Transfers

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards through Standard Contractual Clauses or equivalent mechanisms.

10. Children's Privacy

Our services are intended for business clients and are not directed to individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date.

12. Contact Us