Skip to main content
Demo Organization - Register of Processing Activities
​
​


Documentation

About GDPR LabsTerms and conditionsPrivacy and cookie policy

Privacy Policy

Last updated: June 14, 2026

This Privacy Policy describes how GDPR Labs ("we", "us", or "our") collects, uses, and protects personal data when you use the ROPA application ("Service").

We are committed to processing personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Data controller

GDPR Labs
legal@gdpr-labs.com

2. Data we collect

CategoryExamplesPurpose
Account dataName, work email addressAccount creation and authentication
Usage dataPages visited, feature interactions, error logsService improvement and debugging
Content dataRegister entries you create in ROPAProviding the Service
Technical dataIP address, browser type, device identifiersSecurity and fraud prevention

3. Legal bases for processing

We process your personal data under the following legal bases (GDPR Art. 6):

  • Contract (Art. 6(1)(b)) — to provide the Service you have requested.
  • Legitimate interests (Art. 6(1)(f)) — to operate and improve the Service, prevent fraud, and ensure security.
  • Legal obligation (Art. 6(1)(c)) — where required by applicable law.

4. Data retention

We retain account and content data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations. Usage and technical logs are retained for up to 12 months.

5. Data sharing

We do not sell your personal data. We may share it with:

  • Service providers acting as data processors (hosting, authentication, error monitoring) under data-processing agreements.
  • Authorities where required by law or court order.

6. International transfers

If personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

7. Your rights

Under the GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — request that we limit the processing of your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights contact us at legal@gdpr-labs.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.

8. Cookies

The Service uses strictly necessary cookies for authentication session management. No tracking or advertising cookies are used.

9. Changes to this Policy

We may update this Policy from time to time. We will notify you of material changes by email or by a notice in the Service.

10. Contact

Data protection enquiries: legal@gdpr-labs.com