GDPR Compliance
Last updated: March 4, 2025
1. Introduction
At copyto.me, we are committed to protecting the privacy and rights of our users in accordance with the General Data Protection Regulation (GDPR). This document outlines how we comply with GDPR requirements.
2. Data Controller
copyto.me acts as a data controller for the personal data we collect and process. As the data controller, we determine the purposes and means of processing personal data.
3. Data Protection Principles
We adhere to the following data protection principles:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and transparently.
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes.
- Data minimization: We limit data collection to what is necessary for the purposes for which it is processed.
- Accuracy: We take reasonable steps to ensure the data we process is accurate and up to date.
- Storage limitation: We do not store data for longer than necessary.
- Integrity and confidentiality: We process data securely, protecting against unauthorized or unlawful processing and accidental loss, destruction, or damage.
4. Lawful Basis for Processing
We process personal data on the following lawful grounds:
- Consent: We obtain clear consent for specific data processing activities.
- Contract: Processing is necessary for the performance of a contract with you.
- Legal obligation: Processing is necessary for compliance with legal obligations.
- Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
5. Data Subject Rights
Under the GDPR, you have the following rights:
- Right to be informed: Information about how we collect and use your personal data.
- Right of access: Access to your personal data and supplementary information.
- Right to rectification: Correction of inaccurate or incomplete personal data.
- Right to erasure: Deletion of your personal data in certain circumstances.
- Right to restrict processing: Restriction of processing of your personal data in certain circumstances.
- Right to data portability: Obtaining and reusing your personal data for your own purposes across different services.
- Right to object: Objection to processing based on legitimate interests, direct marketing, and processing for research and statistics.
- Rights related to automated decision-making and profiling: Safeguards against potentially damaging decisions without human intervention.
To exercise any of these rights, please contact us using the information provided below.
6. Data Protection Officer
You can contact our Data Protection Officer with any questions, concerns, or requests regarding your personal data:
7. International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with GDPR requirements. These may include:
- Adequacy decisions
- Standard contractual clauses
- Binding corporate rules
- Other appropriate safeguards
8. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
9. Data Protection Impact Assessment
We conduct data protection impact assessments for processing operations that may result in a high risk to your rights and freedoms.
10. Records of Processing Activities
We maintain records of our processing activities as required by the GDPR.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies in accordance with GDPR requirements. For more information, please see our Cookie Policy.
12. Changes to This GDPR Compliance Statement
We may update this GDPR Compliance Statement from time to time. We will notify you of significant changes by posting the updated statement on our website or through other communication channels.
13. Contact Us
If you have any questions about our GDPR compliance or want to exercise your rights, please contact us at: