GDPR Compliance Policy
Last Updated: 15.02.2025
1. INTRODUCTION
This General Data Protection Regulation (GDPR) Compliance Policy outlines how Dargslan s.r.o. ("we," "us," or "our") complies with the European Union's GDPR when collecting, processing, storing, and protecting personal data from individuals in the European Economic Area (EEA).
This policy supplements our Privacy Policy and provides additional details specifically regarding our GDPR compliance measures.
2. DATA CONTROLLER INFORMATION
Dargslan s.r.o.
1260/51 Sportova, Dunajska Streda, Trnava, 929 01 Slovakia
Company ID: 56 764 324
Email: info@dargslan.com
Data Protection Officer (if applicable):
privacy@dargslan.com
3. LEGAL BASIS FOR PROCESSING
We process personal data on the following legal bases as required by Article 6 of the GDPR:
3.1 Consent (Art. 6(1)(a))
- When you explicitly opt-in to receive marketing communications
- When you agree to non-essential cookies on our Website
- When you provide testimonials or reviews
3.2 Contractual Necessity (Art. 6(1)(b))
- To process and fulfill your e-book purchases
- To create and manage your user account
- To provide customer support regarding your purchases
- To deliver digital content to your devices
3.3 Legal Obligation (Art. 6(1)(c))
- To maintain business and financial records for tax purposes
- To comply with consumer protection laws
- To respond to valid legal requests from public authorities
3.4 Legitimate Interests (Art. 6(1)(f))
- To improve and optimize our Website
- To detect and prevent fraud and security incidents
- To analyze usage patterns of our e-book platform
- To protect our intellectual property rights
In cases where we rely on legitimate interests as a basis for processing, we conduct balancing tests to ensure that our interests do not override your fundamental rights and freedoms.
4. DATA SUBJECT RIGHTS
Under the GDPR, individuals located in the EEA have enhanced rights regarding their personal data. We facilitate the exercise of these rights as follows:
4.1 Right to Access (Art. 15)
You have the right to obtain confirmation about whether we process your personal data and to receive a copy of that data along with information about:
- The purposes of processing
- Categories of personal data concerned
- Recipients of your data
- Retention periods
- Information about your other rights
- Source of the data (if not collected from you directly)
- The existence of automated decision-making, including profiling
To exercise this right, submit a request via [EMAIL ADDRESS] or through the "Privacy Rights Request" form in your account settings.
4.2 Right to Rectification (Art. 16)
You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update most information directly through your account settings or by contacting our customer support.
4.3 Right to Erasure / Right to be Forgotten (Art. 17)
You have the right to request deletion of your personal data under certain circumstances, including when:
- The data is no longer necessary for its original purpose
- You withdraw your consent
- You object to processing based on legitimate interests
- The data was unlawfully processed
Note that we may retain certain information despite your erasure request if required by law or necessary for the establishment, exercise, or defense of legal claims.
4.4 Right to Restriction of Processing (Art. 18)
You have the right to request restricted processing of your personal data when:
- You contest the accuracy of your data (while we verify it)
- The processing is unlawful, but you oppose erasure
- We no longer need the data, but you need it for legal claims
- You have objected to processing (pending verification of our legitimate grounds)
4.5 Right to Data Portability (Art. 20)
For data processed based on consent or contractual necessity, and where processing is carried out by automated means, you have the right to:
- Receive your personal data in a structured, commonly used, machine-readable format
- Transmit that data to another controller where technically feasible
We will provide your e-book purchase history, account information, and other related data in a standard format upon request.
4.6 Right to Object (Art. 21)
You have the right to object to processing of your personal data that is based on legitimate interests or for direct marketing purposes. When you object:
- We will cease processing for direct marketing immediately
- For processing based on legitimate interests, we will cease unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is needed for the establishment, exercise, or defense of legal claims
4.7 Rights Related to Automated Decision-Making and Profiling (Art. 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, except in limited circumstances permitted by the GDPR.
Our e-book recommendation system uses automated processing to suggest titles you might enjoy, but these suggestions do not produce legal or similarly significant effects.
5. DATA SUBJECT RIGHTS REQUEST PROCEDURE
5.1 Making a Request
You can submit a data subject rights request by:
- Emailing privacy@dargslan.com
- Submitting a request through your account settings
- Writing to our postal address marked "Data Protection"
5.2 Verification Process
To protect your privacy, we will verify your identity before fulfilling your request by:
- Confirming email address and order details
- Requesting additional verification information if needed
- Using the authentication methods associated with your account
5.3 Response Timeline
We will respond to your request within one month of receipt. If complex or numerous requests are involved, we may extend this period by up to two additional months, informing you of any such extension within the first month.
5.4 Response Format
We will provide information electronically in a commonly used format unless you request otherwise.
5.5 Fees
We do not charge a fee for processing standard requests. However, if a request is manifestly unfounded or excessive, in particular because of its repetitive character, we may charge a reasonable fee based on our administrative costs or refuse to act on the request, as permitted by Article 12(5) of the GDPR.
6. DATA PROTECTION MEASURES
6.1 Technical and Organizational Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular testing and evaluation of security measures
- Ability to restore availability and access to personal data in a timely manner
- Regular security training for staff
- Access controls and authentication procedures
- Data backup procedures
6.2 Data Protection by Design and Default
We incorporate data protection principles from the design stage of any new product, service, or process involving personal data by:
- Minimizing data collection to what is necessary
- Implementing privacy-enhancing technologies
- Ensuring appropriate defaults that respect privacy
- Conducting Data Protection Impact Assessments when required
6.3 Staff Training
All staff members who have access to personal data receive regular training on:
- GDPR principles and requirements
- Our data protection policies and procedures
- Security best practices
- Recognizing and reporting data breaches
7. DATA PROCESSING RECORDS
In accordance with Article 30 of the GDPR, we maintain records of our processing activities containing:
- Our contact details and, where applicable, those of our Data Protection Officer
- The purposes of processing
- Categories of data subjects and personal data
- Categories of recipients
- International transfers and safeguards
- Retention periods
- Technical and organizational security measures
These records are maintained electronically and are available to supervisory authorities upon request.
8. DATA BREACH PROCEDURES
8.1 Internal Reporting
All staff members are trained to recognize and report suspected data breaches immediately to our designated Data Protection contact.
8.2 Assessment
Upon notification of a potential breach, we will:
- Investigate to determine if a breach has occurred
- Assess the nature and scope of the breach
- Identify affected individuals and data
- Evaluate the potential impact and risks
8.3 Notification to Supervisory Authority
We will notify the relevant supervisory authority of a personal data breach without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. If notification is made after 72 hours, it will be accompanied by the reasons for the delay. The notification will include:
- The nature of the breach
- Categories and approximate number of affected individuals
- Categories and approximate number of affected records
- Contact details of our Data Protection Officer or other contact
- Likely consequences of the breach
- Measures taken or proposed to address the breach and mitigate effects
8.4 Communication to Affected Individuals
When a breach likely results in a high risk to individuals' rights and freedoms, we will communicate the breach to affected individuals without undue delay. The communication will describe in clear language:
- The nature of the breach
- Contact details for more information
- Likely consequences
- Measures taken or proposed to address the breach and mitigate effects
9. INTERNATIONAL DATA TRANSFERS
9.1 Transfer Mechanisms
When we transfer personal data outside the EEA, we ensure appropriate safeguards through:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses adopted by the European Commission
- Binding Corporate Rules (if applicable)
- Derogations for specific situations under Article 49 of the GDPR
9.2 Current Transfers
We currently transfer data to the following countries outside the EEA:
- [LIST COUNTRIES AND TRANSFER MECHANISMS]
- Example: United States (Standard Contractual Clauses with additional safeguards)
9.3 Third-Party Service Providers
When engaging third-party service providers who process personal data outside the EEA, we:
- Conduct due diligence on their data protection practices
- Include appropriate data protection clauses in our contracts
- Regularly review their compliance
10. DATA PROTECTION IMPACT ASSESSMENTS
10.1 When We Conduct DPIAs
We conduct Data Protection Impact Assessments (DPIAs) when processing is likely to result in high risk to individuals, particularly when:
- Using new technologies
- Processing on a large scale
- Systematically monitoring publicly accessible areas on a large scale
- Processing special categories of data on a large scale
- Automated decision-making with legal or similarly significant effects
10.2 DPIA Process
Our DPIA process includes:
- Systematic description of processing operations and purposes
- Assessment of necessity and proportionality
- Assessment of risks to individuals' rights and freedoms
- Measures to address risks and demonstrate compliance
10.3 Consultation with Supervisory Authority
Where a DPIA indicates high risk that cannot be sufficiently mitigated, we will consult with the relevant supervisory authority before proceeding with the processing.
11. DATA PROCESSORS
11.1 Selection of Processors
We only use data processors that provide sufficient guarantees to implement appropriate technical and organizational measures to meet GDPR requirements and protect data subjects' rights.
11.2 Data Processing Agreements
We have data processing agreements in place with all our processors that include:
- Processing only on our documented instructions
- Confidentiality commitments from authorized persons
- Appropriate security measures
- Assistance with data subject rights requests
- Assistance with our GDPR compliance obligations
- Deletion or return of all personal data after processing
- Information to demonstrate compliance
- Permission requirements for sub-processors
11.3 Current Processors
Our key data processors include:
- Stripe (payment processing)
- AWS, Google, Azure (e-book storage and delivery)
- Zoho and Mailchimp (customer communications)
- Google (website analytics)
12. CONTACT AND COMPLAINTS
12.1 Contact Information
For any GDPR-related inquiries or to exercise your data subject rights, please contact:
Dargslan s.r.o.
Attn: Data Protection
1260/51 Sportova, Dunajska Streda, Trnava, 929 01 Slovakia
Email: privacy@dargslan.com
12.2 Complaints
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
13. POLICY UPDATES
We review this GDPR Compliance Policy regularly and may update it to reflect changes in our practices or regulatory requirements. The current version will always be available on our Website with the "Last Updated" date at the top.