GDPR compliance

What is the general data protection regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a comprehensive framework designed to harmonize data privacy laws throughout the European Union (EU) and the United Kingdom (UK). It offers individuals greater transparency and control over how their personal data is used, while holding organizations accountable for their data choices.

At Calira, we operate under a practice of "privacy by design," ensuring that appropriate technological and operational security measures are woven directly into our platform infrastructure.

Is Calira a Controller or a Processor?

Calira is considered a data controller.

We maintain an independent contractual relationship with our individual users. A core feature of our platform is the portability of user profiles. Because professionals and technical personnel frequently collaborate across multiple independent organizations, facilities, or labs, their profiles belong to them individually.

What personal data does Calira process?

We are fully committed to data minimization. We only collect and process the specific categories of personal data required to operate our core scheduling, booking, and platform functions:

  • Identity and Contact Data: Names and institutional/corporate email addresses.
  • User Profile Data: Industry sector (academia or industry) and optional details like job titles or phone numbers.
  • Usage & Technical Data: IP addresses, browser versions, facilities/resource booking logs, and technical interaction habits.

We do not collect any "special categories" of personal data (such as health status, racial origin, or religious beliefs).

How we handle Data Subject rights

Under the GDPR, users have robust data protection rights. Because Calira acts as an independent data controller, we are directly responsible for managing, reviewing, and fulfilling these data subject requests:

  • Right of Access & Portability: users can request a copy of all personal data tied to their portable profile.
  • Right to Rectification: users maintain the right to modify or update their profile data at any time.
  • Right to Deletion ("To be Forgotten"): Calira directly reviews and processes account deletion requests from data subjects, ensuring that data is not deleted prematurely if the profile is actively linked to another organization.

International data transfers (post-Brexit)

Calira is a UK-based company, and our platform is hosted on secure servers located within the EEA.

Following Brexit, the European Commission officially adopted an Adequacy Decision for the United Kingdom. This legally confirms that the UK provides an equivalent, satisfactory level of protection for personal data to that of the EU GDPR. As a result, data can continue to flow from European organizations and enterprises to Calira in the UK without the need for additional safeguards or DPAs.

Product
Manage equipmentBook equipmentReport usageTrack maintenanceManage usersSend notificationsIntegrationsWhat's newLabTrack™
Solutions
Increase asset visibilityStop booking conflictsTrack utilisationPrevent downtimePlan CapEXGet AI-ready dataEnterpriseSMBsShared labsAcademia
Resources
All resourcesCase studiesWebinarsEventsWhite papersBlogSupportQR stickersSystem status
Company
AboutPricingSign upLog inBook a demoContact
Get our newsletter
Subscribe to our newsletter for the latest features and updates.
You've been subscribed to our newsletter!
Oops! Something went wrong while submitting the form.
© 2026 Calira. All rights reserved.
PrivacyTermsGDPRSub-processorsCookies
Downward right pointing black triangleDownward right pointing black triangle