GDPR & Data Protection Policy
Effective Date: 25 December 2025
Website: PublicReward.com
1. Purpose & Scope
This GDPR Policy explains how PublicReward.com (“the Platform”, “we”, “us”, “our”) collects, processes, stores, and protects personal data in accordance with:
EU General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679
UK GDPR & Data Protection Act 2018
International data protection principles
Applicable local laws, including the laws of Bangladesh where relevant
This Policy applies to all visitors, contributors, and users of the Platform.
2. Data Controller
For the purposes of EU GDPR and UK GDPR, PublicReward.com acts as the Data Controller.
Contact (GDPR & Data Protection):
📧 legal@publicreward.com
3. Lawful Bases for Processing
Personal data is processed only where at least one lawful basis applies:
Consent – where users voluntarily provide data
Contractual Necessity – to operate platform features
Legitimate Interests – platform security, abuse prevention, integrity
Legal Obligation – compliance with law or court orders
Public Interest & Freedom of Expression – lawful civic information and reporting (Article 85 GDPR)
Processing is limited to what is lawful, necessary, and proportionate.
4. Categories of Personal Data
4.1 Data Provided by Users
Name or pseudonym (where provided)
Email address
Communications and submissions
Information voluntarily included in reports or messages
4.2 Automatically Collected Data
IP address
Browser and device information
Date, time, and security logs
4.3 Special Category Data
PublicReward.com does not intentionally collect special category data (e.g., political opinions, health data).
If users voluntarily disclose such data, it is done at the user’s own risk and may be moderated or restricted where legally required.
5. Purpose Limitation & Data Minimisation
Data is collected strictly to:
Operate and secure the Platform
Receive and process lawful information submissions
Prevent misuse, fraud, and abuse
Comply with legal obligations
Improve platform performance (anonymised where possible)
The Platform does not engage in surveillance, profiling, or political targeting.
6. Public Content & User Responsibility
Users acknowledge that:
Certain submissions may become part of lawful records or communications
Any personal data included is shared at the user’s discretion
PublicReward.com is not responsible for lawful third-party reuse of publicly disclosed content
7. Data Retention
Personal data is retained only as long as necessary:
For the duration required to process submissions
For security, dispute resolution, or legal compliance
As required by applicable law
Deletion requests may be limited where retention is legally required or necessary to protect platform rights.
8. User Rights under GDPR
Where applicable, users have the right to:
Access personal data
Rectify inaccurate data
Erase data (“Right to be Forgotten”)
Restrict or object to processing
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority
Requests that are abusive, unfounded, or legally restricted may be refused.
9. Data Sharing & Third Parties
PublicReward.com does not sell personal data.
Data may be shared only with:
Trusted service providers (hosting, security)
Competent authorities where required by valid legal process
All third parties must comply with GDPR or equivalent safeguards.
10. International Data Transfers
Where data is transferred outside the EU/EEA or UK, appropriate safeguards are applied, including:
Standard Contractual Clauses (SCCs)
UK International Data Transfer Agreement (IDTA)
Equivalent lawful mechanisms
No transfer occurs in violation of mandatory data protection law.
11. Security Measures
Reasonable technical and organisational measures are implemented, including:
Access controls
Secure hosting environments
Monitoring and incident-response procedures
No system is completely secure, but proportionate safeguards are maintained.
12. Cookies & Tracking
The Platform uses:
Essential cookies (security and functionality)
Limited analytics cookies
Users may manage cookie preferences where required by law.
13. Children & Minors
The Platform is not intended for children without lawful guardian consent.
We do not knowingly process unlawful minor data.
14. Data Breach Notification
In the event of a personal data breach:
Relevant authorities will be notified where legally required
Affected users will be informed if there is a high risk to their rights and freedoms
15. Intermediary Status & Liability
To the maximum extent permitted by law:
PublicReward.com acts as an intermediary, not a publisher
The Platform is not automatically liable for user-submitted content
Mandatory legal liabilities are not excluded
16. Amendments
This GDPR Policy may be updated to reflect legal or operational changes.
Continued use of the Platform constitutes acceptance of the revised Policy.