GDPR Compliance

GDPR Compliance & Data Protection

Dropie s.r.o. is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), Slovak Data Protection Act (Act No. 18/2018 Coll.), and other applicable data protection laws.

Our Commitment

We process personal data lawfully, fairly, and transparently in accordance with GDPR and Slovak law. We collect only what's necessary, keep it secure with industry-leading encryption, and respect your rights.

Data Controller

Dropie s.r.o.

Slovak Republic

Email: support@dropie.io

Your Rights Under GDPR

Right to Access

GDPR Art. 15

Request a copy of your personal data and information about processing

Right to Rectification

GDPR Art. 16

Request corrections to inaccurate or incomplete personal data

Right to Erasure

GDPR Art. 17

Request deletion of your personal data ("right to be forgotten")

Right to Data Portability

GDPR Art. 20

Receive your data in a machine-readable format (JSON, CSV)

Right to Restrict Processing

GDPR Art. 18

Request limitation of how we use your personal data

Right to Object

GDPR Art. 21

Object to processing based on legitimate interests

To exercise any of these rights, contact us at support@dropie.io

Response time: Within 30 days (extendable by 60 days for complex requests)

Legal Basis for Processing

Under GDPR Article 6 and Slovak Data Protection Act, we process personal data based on:

Contract Performance

Art. 6(1)(b)

We process data necessary to provide our services and fulfill our contractual obligations to you.

Legitimate Interests

Art. 6(1)(f)

We may process data for security, fraud prevention, and service improvements.

Legal Obligations

Art. 6(1)(c)

We process data when required by Slovak and EU law, such as for tax purposes or e-signature audit trails.

Consent

Art. 6(1)(a)

For certain processing activities like marketing, we rely on your explicit consent.

Data We Collect & Retention Periods

Account Information

Duration of account + 30 daysContract performance

Name

Email address

Company details

Billing information

Document Data

User-controlledContract performance

Uploaded documents

Electronic signatures

Form submissions

Electronic Signatures & Audit Trails

Minimum 10 yearsLegal obligation (Act 272/2016)

Signer identification

Timestamps

IP addresses

Document hashes

Tax/Billing Records

10 yearsLegal obligation (Act 431/2002)

Invoices

Payment history

VAT records

Security Logs

2 yearsLegitimate interest

Access logs

Error logs

Authentication events

Technical & Organizational Measures

We implement comprehensive security measures per GDPR Article 32 to protect your personal data

AES-256 encryption at rest for all stored data

TLS 1.3 encryption in transit for all transfers

Multi-factor authentication available

EU data residency (AWS Frankfurt)

Strict access controls and audit logging

Regular employee privacy training

Incident response procedures in place

Data minimization practices applied

Data Breach Notification

Per GDPR Articles 33-34 and Slovak DPA requirements, we notify the supervisory authority within 72 hours of discovering a breach (if required) and notify affected individuals without undue delay (if high risk).

International Data Transfers

Primary Storage: European Union (AWS Frankfurt)

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

-Standard Contractual Clauses (SCCs) per Commission Decision 2021/914
-Supplementary security measures (encryption, access controls)
-Transfer Impact Assessments where required

Supervisory Authority

As a Slovak company, our supervisory authority is the Office for Personal Data Protection of the Slovak Republic. You have the right to lodge a complaint if you believe we have not complied with data protection law.

Urad na ochranu osobnych udajov Slovenskej republiky

(Office for Personal Data Protection of the Slovak Republic)

Hranicna 12

820 07 Bratislava 27