GDPR Compliance

At DPPro, we are fully committed to GDPR compliance. This page explains how we handle your personal data and the rights you have under EU Regulation 2016/679 (General Data Protection Regulation).

Your Rights Under GDPR

As a data subject, you have the following rights: - Right of Access (Article 15): Request a copy of your personal data - Right to Rectification (Article 16): Correct inaccurate personal data - Right to Erasure (Article 17): Request deletion of your data - Right to Restrict Processing (Article 18): Limit how we use your data - Right to Data Portability (Article 20): Receive your data in a portable format - Right to Object (Article 21): Object to processing based on legitimate interests

Data Controller

DPPro acts as a data processor for your Shopify store data. Your Shopify store remains the data controller for customer data. For data we collect directly (support inquiries, account data), we act as the data controller.

Legal Basis for Processing

We process personal data under the following legal bases: - Contract Performance: To provide the DPPro service you subscribed to - Legal Obligation: To comply with EU ESPR regulations requiring 10-year data retention - Legitimate Interest: To improve our services and prevent fraud - Consent: For optional marketing communications (you can withdraw anytime)

Data We Process

We process the following categories of personal data: - Store Information: Shopify domain, email, business name - Product Data: Product details for Digital Product Passports - Compliance Data: Material composition, certifications, supply chain actors - Usage Data: App interactions, feature usage analytics - Support Data: Communications with our support team

Data Retention Periods

- Digital Product Passport Data: 10 years (EU ESPR legal requirement) - Audit Trail Records: 10 years (regulatory compliance) - Account Data: Duration of service + 2 years - Support Communications: 3 years - Marketing Data: Until consent withdrawal

International Data Transfers

Your data is stored and processed within the European Economic Area (EEA). We use EU-based hosting providers to ensure GDPR compliance. If any data transfer outside the EEA is required, we use Standard Contractual Clauses approved by the European Commission.

Data Export (Article 20)

DPPro provides a built-in GDPR export feature that allows you to download all your data in JSON format. This includes: - All Digital Product Passport records - Complete audit trail history - Compliance scores and metadata Access this feature from your DPPro dashboard under Settings > GDPR Export.

Data Protection Contact

For any GDPR-related requests or inquiries, please contact our Data Protection team. We aim to respond to all requests within 30 days as required by GDPR.