Privacy Policy
Your privacy is fundamental to everything we do at Dropie. This policy explains how we collect, use, and protect your information in compliance with GDPR and Slovak data protection law.
Last updated: December 29, 2025 | Applicable Law: Slovak Republic
Data Protection
AES-256 encryption at rest and TLS 1.3 in transit protect your data.
Access Control
You maintain full control over who can access your documents and data.
Transparency
Clear policies on how we collect, use, and protect your information.
Your Rights
Full compliance with GDPR and Slovak Data Protection Act.
1. Introduction
This Privacy Policy explains how Dropie s.r.o. (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards your personal data when you use our secure file sharing and data room platform (the “Service”) at dropie.io.
This Policy is prepared in accordance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR)
- Act No. 18/2018 Coll. on the Protection of Personal Data (Slovak Data Protection Act)
- Act No. 351/2011 Coll. on Electronic Communications
- Act No. 22/2004 Coll. on Electronic Commerce
Data Controller
Dropie s.r.o.
Slovak Republic
Email: support@dropie.io
Website: https://dropie.io
2. Personal Data We Collect
2.1 Data You Provide
Account Data:
- Full name (meno a priezvisko)
- Email address
- Company name and ICO (if applicable)
- Billing address
- Password (stored in hashed format only)
Content Data:
- Documents and files you upload
- Electronic signatures
- Form submissions
- Comments and annotations
Communication Data:
- Support inquiries
- Feedback and correspondence
2.2 Data Collected Automatically
Technical Data:
- IP address
- Browser type and version
- Device information
- Operating system
Usage Data:
- Pages visited
- Features used
- Session duration
- Error logs
2.3 Electronic Signature Data
For electronic signatures compliant with Act No. 272/2016 Coll. on Trust Services (implementing eIDAS):
- Signer identification
- Timestamp (from trusted time source)
- IP address and device information
- Document hash for integrity verification
- Audit trail
3. Legal Basis for Processing
Under GDPR Article 6 and Slovak Data Protection Act, we process personal data based on:
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract performance - Art. 6(1)(b) GDPR |
| Providing the Service | Contract performance - Art. 6(1)(b) GDPR |
| Electronic signatures and audit trails | Legal obligation - Art. 6(1)(c) GDPR, Act 272/2016 |
| Payment and billing | Contract performance - Art. 6(1)(b) GDPR |
| Security and fraud prevention | Legitimate interest - Art. 6(1)(f) GDPR |
| Legal compliance and tax records | Legal obligation - Art. 6(1)(c) GDPR, Act 431/2002 |
| Marketing communications | Consent - Art. 6(1)(a) GDPR |
4. How We Use Your Data
We use your personal data to:
- Provide the Service - Account management, file storage, document sharing, electronic signatures
- Ensure Security - Authentication, fraud prevention, access controls
- Communicate - Service notifications, support responses, legal notices
- Comply with Law - Tax records, audit trails, regulatory requirements
- Improve Service - Analytics, bug fixes, feature development (using anonymized data)
5. Data Sharing
5.1 We Do Not Sell Your Data
We never sell, rent, or trade your personal data to third parties.
5.2 Service Providers
We share data with processors who assist in providing the Service:
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting | EU (Frankfurt) | EU data residency |
| Rainex | Payment processing | EU | DPA in place |
| Anthropic | AI processing (on request) | US | SCCs |
| Sentry | Error monitoring | US | SCCs |
All processors are bound by Data Processing Agreements per GDPR Article 28.
5.3 Legal Disclosure
We may disclose data when required by:
- Slovak law or court order
- Valid request from Slovak authorities
- Protection of legal rights
6. International Data Transfers
Primary Storage: European Union (AWS Frankfurt)
For transfers outside the EEA (e.g., to US-based processors), we implement:
- Standard Contractual Clauses (SCCs) per Commission Decision 2021/914
- Supplementary security measures (encryption, access controls)
- Transfer Impact Assessments
7. Data Retention
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Account data | Duration of account + 30 days | Contract |
| Documents | User-controlled | Contract |
| Electronic signatures | Minimum 10 years | Act 272/2016 Coll. |
| Audit trails | Minimum 10 years | Act 272/2016 Coll. |
| Tax/billing records | 10 years | Act 431/2002 Coll. |
| Security logs | 2 years | Legitimate interest |
8. Your Rights
Under GDPR and Slovak Data Protection Act, you have the following rights:
- Right of Access (GDPR Art. 15): Request a copy of your personal data and information about processing
- Right to Rectification (GDPR Art. 16): Request correction of inaccurate or incomplete data
- Right to Erasure (GDPR Art. 17): Request deletion of your data (“right to be forgotten”), subject to legal retention requirements
- Right to Restriction (GDPR Art. 18): Request limitation of processing in certain circumstances
- Right to Data Portability (GDPR Art. 20): Receive your data in a machine-readable format (JSON, CSV, or similar)
- Right to Object (GDPR Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Right to Lodge a Complaint: File a complaint with the Slovak DPA
How to Exercise Your Rights
Submit requests to: support@dropie.io
Required information:
- Your name and email
- The specific right you wish to exercise
- Details of your request
Response time: Within 30 days (extendable by 60 days for complex requests)
9. Data Security
We implement security measures per GDPR Article 32:
Technical Measures:
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Multi-factor authentication
- Access controls and audit logging
- Regular security testing
Organizational Measures:
- Employee training and confidentiality obligations
- Access limited to authorized personnel
- Incident response procedures
- Regular security assessments
Data Breach Notification
Per GDPR Articles 33-34 and Slovak DPA requirements:
- We notify the Slovak DPA within 72 hours of discovering a breach (if required)
- We notify affected individuals without undue delay (if high risk)
10. Electronic Signatures
Our electronic signature service complies with:
- Regulation (EU) No 910/2014 (eIDAS)
- Act No. 272/2016 Coll. on Trust Services
Signature Types Offered:
- Simple Electronic Signature (SES)
- Advanced Electronic Signature (AES)
Signatures create legally binding documents under Slovak and EU law. Audit trails are retained for minimum 10 years as required by law.
11. Cookies and Tracking
We use cookies as described in our Cookie Policy.
Essential cookies are required for Service operation. Analytics cookies require your consent per Act No. 351/2011 Coll. on Electronic Communications.
12. Children's Data
The Service is not intended for persons under 16 years of age (the age of digital consent in Slovakia per GDPR Article 8). We do not knowingly collect data from children under 16. If we discover such data, we will delete it promptly.
13. Automated Decision-Making
We use limited automated processing:
- Fraud detection: Automated security analysis (human review available)
- AI features: Suggestions only, not binding decisions
You have the right to human intervention in significant automated decisions per GDPR Article 22.
14. Changes to This Policy
We may update this Policy. For material changes:
- We provide 30 days' notice via email
- We update the “Last Updated” date
- We require acknowledgment where legally required
15. Supervisory Authority
Urad na ochranu osobnych udajov Slovenskej republiky
(Office for Personal Data Protection of the Slovak Republic)
Hranicna 12
820 07 Bratislava 27
Slovak Republic
Tel: +421 2 3231 3214
Email: statny.dozor@pdp.gov.sk
Website: https://dataprotection.gov.sk
16. Contact Us
If you have questions about this Privacy Policy or your data, please contact us:
Privacy Inquiries
Blue Chip Investments s.r.o., BIN 52287670, Haanova 20, 851 04 Bratislava, Slovak Republic
17. Applicable Law
This Policy and all data processing activities are governed by:
- Regulation (EU) 2016/679 (GDPR)
- Act No. 18/2018 Coll. on Protection of Personal Data
- Laws of the Slovak Republic
Disputes shall be resolved by courts of the Slovak Republic with jurisdiction in Bratislava.
By using dropie.io, you acknowledge that you have read and understood this Privacy Policy. This Policy is provided in English for international accessibility. In case of any discrepancy with Slovak law, the applicable Slovak legal provisions shall prevail.
Your Privacy is Our Priority
We're committed to protecting your data with the highest security standards while providing transparent policies about how we handle your information.