Data Protection

GDPR Compliance

Last updated: January 11, 2026

Notion Embed is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains how we handle personal data of users in the European Economic Area (EEA).

Our Commitment to GDPR

As a data controller and processor, we take our GDPR obligations seriously. We have implemented comprehensive measures to ensure compliance with all GDPR requirements.

  • Lawful basis for processing
  • Data minimization practices
  • Transparent privacy notices
  • User consent management
  • Data subject rights support
  • Security by design
  • Data breach procedures
  • Privacy impact assessments

Your Rights Under GDPR

As a user from the EEA, you have the following rights:

Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification (Article 16)

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, commonly known as the "right to be forgotten."

Right to Restrict Processing (Article 18)

You have the right to request restriction of processing of your personal data in certain circumstances.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21)

You have the right to object to processing of your personal data in certain circumstances, including for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Contractual necessity: Processing necessary to provide our services
  • Legitimate interests: Processing for our legitimate business purposes
  • Consent: Where you have given explicit consent for specific purposes
  • Legal obligation: Processing required by applicable laws

Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:

  • Email: dpo@notionembed.com

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our retention periods are based on:

  • The duration of your account with us
  • Legal requirements and obligations
  • Legitimate business needs

Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit and at rest (AES-256)
  • Regular security audits and penetration testing
  • Employee training on data protection
  • Access controls and authentication measures
  • Incident response procedures

Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority.

Contact Us

For any GDPR-related inquiries, please contact:

  • Email: gdpr@notionembed.com
  • DPO: dpo@notionembed.com

Request Your Data

Want to access, export, or delete your personal data? Submit a request and we'll process it within 30 days.
