GDPR Compliance

Your privacy rights are protected under the General Data Protection Regulation (GDPR). Learn how we safeguard your data and respect your rights as an EU citizen.

Data Controller Information

Company Details

Name: Visatech S.R.L
Address: Via del Lauro 9, Milan, Italy - 20121
Registration: Italian Company Registry

Data Protection Contact

Email: dpo@docxbuddy.com
Phone: Available upon request
Response Time: Within 30 days

Your Rights Under GDPR

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data ('right to be forgotten').

Right to Data Portability

You can request your data in a structured, commonly used, and machine-readable format.

Right to Restrict Processing

You can request that we limit how we use your personal data while we address your concerns.

Right to Object

You have the right to object to certain types of processing, including direct marketing.

Data We Collect and Why

| Data Category | What We Collect | Purpose | Retention Period |
|---|---|---|---|
| Account Information | Name, email, password (encrypted) | Account creation and management | Until account deletion |
| Document Data | Uploaded files and content | Providing document processing services | 30 days after deletion |
| Usage Data | Service interaction logs | Service improvement and analytics | 12 months |
| Payment Information | Billing details (via payment processor) | Processing payments | As required by law (7 years) |

Legal Basis for Processing

Contract Performance

Processing necessary to provide our document services as per our terms of service.

Legitimate Interests

Processing for service improvement, security, and fraud prevention.

Consent

For marketing communications and optional features (you can withdraw consent anytime).

Legal Obligations

Processing required by law, such as tax records and regulatory compliance.

International Data Transfers

We ensure your data is protected when transferred outside the EU through appropriate safeguards:

Our Safeguards Include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Encryption of all data in transit and at rest
  • Regular security audits and assessments
  • Preference for EU-based data centers where available

Third-Party Processors

Supabase

Purpose: Database and authentication
Location: USA

Stripe

Purpose: Payment processing
Location: USA/EU

Amazon S3

Purpose: Document storage
Location: EU (Milan)

OpenRouter

Purpose: AI processing
Location: USA

Data Breach Procedures

In the unlikely event of a data breach, we follow strict procedures:

  1. Within 72 hours: Notify relevant supervisory authorities
  2. Without undue delay: Inform affected individuals if there's high risk
  3. Document: Record all breach details and remedial actions
  4. Remediate: Take immediate steps to minimize impact
  5. Review: Analyze and improve security measures

How to Exercise Your Rights

Contact Our DPO

Send your request to our Data Protection Officer:

dpo@docxbuddy.com

Include your name, email, and specific request.

What We Need

  • Proof of identity (to protect your data)
  • Clear description of your request
  • Specific data or processing you're concerned about

We'll respond within 30 days of receiving your request.

Lodge a Complaint

If you're not satisfied with our response, you have the right to lodge a complaint with:

Italian Data Protection Authority

Garante per la protezione dei dati personali
Piazza Venezia 11
00187 Roma, Italy
www.garanteprivacy.it

Your Local Authority

You can also contact the data protection authority in your country of residence.
Find your local authority

Policy Updates

This GDPR compliance page was last updated on January 8, 2025. We'll notify you of any material changes through your registered email address.

Have Questions About Your Data?

We're here to help you understand and exercise your rights under GDPR.