DRAFT — review before publishing. Fill in every placeholder (contact addresses, supervisory authority, sub-processors) and confirm the wording with a data-protection professional. It does not constitute legal advice.

Data Protection

GDPR & Your Data Rights

We build AI systems that handle real customer conversations, so data protection is core to what we do. This page summarises how we approach the EU General Data Protection Regulation (GDPR) and the rights you have over your personal data. For the full detail, see our Privacy Policy.

1Our commitment

We process personal data lawfully, fairly and transparently, and only for clearly defined purposes.
We aim to keep client and end-customer data hosted within the EU/EEA. [Confirm this matches your actual hosting/processors.]
We work with processors under data-processing agreements (Art. 28 GDPR) and apply appropriate security measures.
Where we act as a processor for our clients (handling their end-customers’ data), we process that data only on the client’s documented instructions.

2Controller & contact

For data we process as a controller, the responsible entity is Digitarius (operated by Wilhelm Hoffmann & Dmitry Rasin), Loukissia, 34100 Chalkida, Greece, and Carrer de Rogent 56, 08026 Barcelona, Spain. For any data-protection matter, contact dmitry@digitarius.eu.

3Your rights under the GDPR

Subject to the conditions in the GDPR, you have the right to:

Be informed — know what data we hold and how we use it (Art. 13–14).
Access — request a copy of your personal data (Art. 15).
Rectification — have inaccurate or incomplete data corrected (Art. 16).
Erasure — ask us to delete your data, where applicable (Art. 17).
Restriction — ask us to limit processing in certain circumstances (Art. 18).
Data portability — receive your data in a structured, machine-readable format (Art. 20).
Object — object to processing based on legitimate interests, and to direct marketing at any time (Art. 21).
Withdraw consent — where processing is based on consent, at any time, without affecting prior processing (Art. 7).
Not be subject to solely automated decisions that produce legal or similarly significant effects (Art. 22).

4How to exercise your rights

Send your request to dmitry@digitarius.eu. We will respond within one month, as required by the GDPR (extendable by two further months for complex requests, with notice). We may need to verify your identity first. Exercising your rights is free unless a request is manifestly unfounded or excessive.

If your data is processed by us on behalf of one of our clients (i.e. we are the processor), we will refer your request to that client as the controller, or act on their instructions.

5Right to complain

If you believe we have not handled your data correctly, you can lodge a complaint with your local data-protection supervisory authority — for example Agencia Española de Protección de Datos (AEPD) or Hellenic Data Protection Authority (HDPA). We would, however, appreciate the chance to address your concern first.

6International transfers & sub-processors

Where any processing takes place outside the EU/EEA, we rely on an adequacy decision or appropriate safeguards such as the EU Standard Contractual Clauses. A current list of sub-processors is available on request: [link or email].

7Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by law. See the retention section of our Privacy Policy for specifics.