Privacy Policy
Last updated: June 14, 2026
This Privacy Policy describes how GDPR Labs ("we", "us", or "our") collects, uses, and protects personal data when you use the ROPA application ("Service").
We are committed to processing personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
1. Data controller
GDPR Labs
legal@gdpr-labs.com
2. Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, work email address | Account creation and authentication |
| Usage data | Pages visited, feature interactions, error logs | Service improvement and debugging |
| Content data | Register entries you create in ROPA | Providing the Service |
| Technical data | IP address, browser type, device identifiers | Security and fraud prevention |
3. Legal bases for processing
We process your personal data under the following legal bases (GDPR Art. 6):
- Contract (Art. 6(1)(b)) — to provide the Service you have requested.
- Legitimate interests (Art. 6(1)(f)) — to operate and improve the Service, prevent fraud, and ensure security.
- Legal obligation (Art. 6(1)(c)) — where required by applicable law.
4. Data retention
We retain account and content data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations. Usage and technical logs are retained for up to 12 months.
5. Data sharing
We do not sell your personal data. We may share it with:
- Service providers acting as data processors (hosting, authentication, error monitoring) under data-processing agreements.
- Authorities where required by law or court order.
6. International transfers
If personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).
7. Your rights
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Restriction — request that we limit the processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights contact us at legal@gdpr-labs.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.
8. Cookies
The Service uses strictly necessary cookies for authentication session management. No tracking or advertising cookies are used.
9. Changes to this Policy
We may update this Policy from time to time. We will notify you of material changes by email or by a notice in the Service.
10. Contact
Data protection enquiries: legal@gdpr-labs.com