At DORA Toolkit, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and purchase our products. We are committed to complying with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
2. What Data We Collect
We collect only the minimum data necessary to deliver our services:
a) Newsletter Subscription
- Email address -- provided when you subscribe to our mailing list.
b) Product Purchases
- Name and email address -- provided during checkout.
- Billing information -- processed by Lemon Squeezy (our payment processor). We do not store your credit card details, bank account numbers, or other payment credentials on our servers.
- Purchase records -- order details, product purchased, date, and amount for invoicing and support purposes.
c) Website Usage
- Basic analytics data -- page views, referral source, browser type, and country (collected anonymously, no personal identifiers).
3. Why We Collect Your Data
We use your data for the following purposes:
- To deliver products: Processing your order and providing access to purchased digital downloads.
- To send updates: Newsletter emails with DORA compliance tips, product updates, and regulatory insights (only if you have opted in).
- To provide customer support: Responding to questions, handling refund requests, and resolving issues.
- To improve our service: Understanding how our website is used to improve content and user experience.
- To comply with legal obligations: Maintaining records required by tax and accounting regulations.
4. Legal Basis for Processing
Under the GDPR, we process your data based on the following legal grounds:
- Consent (Article 6(1)(a)): For newsletter subscriptions. You can withdraw consent at any time by clicking "unsubscribe" in any email or contacting us directly.
- Performance of a contract (Article 6(1)(b)): For processing purchases and delivering digital products you have bought.
- Legitimate interest (Article 6(1)(f)): For website analytics (anonymized) to improve our service.
- Legal obligation (Article 6(1)(c)): For maintaining financial and tax records as required by law.
5. Third-Party Services
We use the following third-party services to operate our business. Each processes data in accordance with its own privacy policy:
- Lemon Squeezy: Payment processing, invoicing, and EU VAT handling. Processes your name, email, billing address, and payment details to complete transactions.
- Netlify: Website hosting. May process basic server logs (IP addresses, access times) as part of standard web hosting operations.
- Email Service Provider: Newsletter delivery. Processes your email address and engagement data (opens, clicks) to deliver and optimize email communications.
We do not sell, rent, or share your personal data with any third party for their own marketing purposes.
6. Data Retention
- Newsletter data: Retained until you unsubscribe. Upon unsubscribing, your email address is deleted from our mailing list within 30 days.
- Purchase records: Retained for as long as required by applicable tax and accounting laws (typically up to 10 years for financial records in Romania/EU).
- Customer support correspondence: Retained for up to 2 years after your last interaction to provide continuity of support.
- Analytics data: Collected anonymously and retained in aggregate form. No individual personal data is stored for analytics purposes.
7. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention requirements.
- Right to data portability: Request your data in a structured, commonly used, machine-readable format.
- Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
- Right to object: Object to the processing of your data based on legitimate interests.
- Right to withdraw consent: Withdraw your consent for newsletter communications at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
8. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us at:
Email: contact@dora-toolkit.eu
We will respond to your request within 30 days, as required by the GDPR. We may ask you to verify your identity before processing your request.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.
9. Cookies
Our website uses minimal cookies. We do not use tracking cookies, advertising cookies, or third-party marketing cookies.
- Essential cookies: Required for basic website functionality (e.g., remembering cookie preferences).
- Analytics cookies: Used to collect anonymous usage statistics to understand how visitors interact with our website. No personally identifiable information is collected through analytics.
You can control cookie settings through your browser preferences. Disabling cookies may affect some website functionality.
10. International Data Transfers
Some of our third-party service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or that the service provider is based in a country with an adequate level of data protection as recognized by the EU.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes using encrypted connections (HTTPS), secure payment processing through Lemon Squeezy, and limiting access to personal data to only those who need it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your data.