GDPR Notice

Your data protection rights under the General Data Protection Regulation (GDPR) and how we protect your personal information.

Last Updated: 2025-06-09

📋 GDPR Compliance Summary

• We respect your privacy rights under GDPR if you're located in the European Union

• You have full control over your personal data - access, rectify, erase, or port it

• We process data lawfully with clear legal bases and explicit consent where needed

• Data is minimized, secured, and retained only as long as necessary

• You can withdraw consent at any time and lodge complaints with supervisory authorities

🏢 Data Controller Information

Data Controller

Business Name: Pulcova

Type: Individual Software Engineer/Freelancer

Location: Operating globally, based remotely

Contact: hello@pulcova.store

Data Protection Officer

Email: hello@pulcova.store

Purpose: Handle privacy-related inquiries

Response Time: Within 30 days

Languages: English

⚖️ Your Rights Under GDPR

Guaranteed Rights for EU Residents

As an individual located in the European Union, you have specific rights regarding your personal data under GDPR.

Right of Access (Article 15)

You can request confirmation of whether we process your data and obtain a copy of your personal data.

  • • What data we have about you
  • • Why we're processing it
  • • Who we share it with
  • • How long we keep it

Right of Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

  • • Correct wrong information
  • • Add missing details
  • • Update outdated information
  • • Fix spelling errors

Right of Erasure (Article 17)

You can request deletion of your personal data under certain circumstances ("Right to be Forgotten").

  • • Data no longer necessary
  • • Withdraw consent
  • • Unlawful processing
  • • Legal compliance requirement

Right to Restrict Processing (Article 18)

You can request limitation of processing your personal data in specific situations.

  • • Contest data accuracy
  • • Processing is unlawful
  • • Object to processing
  • • Legal claims pending

Right to Data Portability (Article 20)

You can receive your data in a structured, machine-readable format and transfer it to another service.

  • • Structured data export
  • • Machine-readable format
  • • Transfer to other services
  • • Direct transmission (if possible)

Right to Object (Article 21)

You can object to processing of your personal data based on legitimate interests or direct marketing.

  • • Object to marketing
  • • Object to profiling
  • • Object to legitimate interests
  • • Must provide specific reasons

📜 Legal Basis for Processing Your Data

Under GDPR, we must have a lawful basis for processing your personal data. Here are the legal bases we rely on:

6a Consent (Article 6(1)(a))

You have given clear consent for us to process your data for specific purposes.

Used for: Newsletter subscriptions, optional analytics, marketing communications

6b Contract (Article 6(1)(b))

Processing is necessary for performing a contract with you or to take steps before entering into a contract.

Used for: Service delivery, project communication, invoicing

6c Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations that apply to us.

Used for: Tax records, legal compliance, data breach notifications

6f Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests, provided your rights don't override these interests.

Used for: Website security, fraud prevention, business improvement

🔄 Data Processing Activities

Contact Form Processing

Data Collected

  • • Name
  • • Email address
  • • Subject line
  • • Message content
  • • IP address (for security)
  • • Browser information

Processing Details

Purpose: Respond to inquiries

Legal Basis: Legitimate interests

Retention: 2 years

Storage: Secure database

Website Analytics

Data Collected

  • • Page views and paths
  • • Session information
  • • Referrer websites
  • • Device and browser data
  • • Anonymized IP addresses
  • • Time stamps

Processing Details

Purpose: Website improvement

Legal Basis: Consent

Retention: 26 months

Storage: Local analytics system

Cookie Management

Data Collected

  • • Session identifiers
  • • CSRF tokens
  • • Theme preferences
  • • Language settings
  • • Security tokens

Processing Details

Purpose: Website functionality

Legal Basis: Legitimate interests

Retention: Session or 1 year

Storage: Browser cookies

🌍 International Data Transfers

Data Transfer Safeguards

As a global service provider, your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

Adequacy Decisions

We only transfer data to countries with European Commission adequacy decisions where possible.

Standard Contractual Clauses

For other transfers, we use EU-approved Standard Contractual Clauses (SCCs) to ensure protection.

Technical Safeguards

All data transfers are encrypted in transit and at rest using industry-standard encryption.

Data Minimization

We only transfer the minimum amount of personal data necessary for the specific purpose.

🤖 Automated Decision Making & Profiling

No Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

What This Means

  • • No AI-based decisions about you
  • • No automated profiling
  • • No algorithmic filtering
  • • All decisions made by humans

Basic Automation Only

  • • Simple spam detection
  • • Security monitoring
  • • Basic analytics aggregation
  • • Form validation

📋 How to Exercise Your Rights

Making a Data Subject Request

To exercise any of your GDPR rights, please contact us using the information below. We aim to respond within 30 days.

Contact Methods

hello@pulcova.store

Subject: "GDPR Data Subject Request"

Response within 30 days

Information to Include

  • • Your full name
  • • Email address used on our site
  • • Specific right you want to exercise
  • • Proof of identity (if required)
  • • Detailed description of your request
  • • Any relevant dates or references

Identity Verification

To protect your privacy, we may need to verify your identity before processing certain requests.

  • • Government-issued ID (for major requests)
  • • Proof of address (if required)
  • • Additional verification questions
  • • Email verification process

Response Timeline

We will acknowledge your request and provide updates on our progress.

Acknowledgment: Within 3 business days

Simple requests: Within 30 days

Complex requests: Up to 90 days (with notice)

Free of charge: Unless requests are excessive

🏛️ Right to Lodge a Complaint

Contact Your Data Protection Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

When to Contact Authorities

  • • We haven't responded to your request
  • • You're unsatisfied with our response
  • • You believe we're violating GDPR
  • • You need independent advice

How to Find Your Authority

Contact the supervisory authority in your EU member state where:

  • • You habitually reside
  • • You work, or
  • • The alleged infringement occurred

Find your data protection authority →

🚨 Data Breach Notification

Our Breach Response Commitment

In the unlikely event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you directly within 72 hours of becoming aware of the breach.

≤ 72h
Authority notification
Immediate
Individual notification if high risk
Public
Communication if necessary

What We'll Tell You

  • • Nature of the breach
  • • Categories of data affected
  • • Likely consequences
  • • Measures taken to address the breach
  • • Measures to mitigate adverse effects
  • • Contact information for more details
  • • Steps you should take to protect yourself
  • • Timeline of events

📝 Updates to This GDPR Notice

We may update this GDPR notice from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

How We'll Notify You

  • • Update the "Last Updated" date
  • • Email notification for significant changes
  • • Website banner for major updates
  • • Direct contact for material changes affecting your rights

Your Options

  • • Review changes and continue using our services
  • • Contact us with questions or concerns
  • • Exercise your right to object or withdraw consent
  • • Request data deletion if you disagree with changes

📞 Contact Us About GDPR

If you have any questions about this GDPR notice, your personal data, or want to exercise your rights, please contact us:

Data Protection Inquiries

hello@pulcova.store

Contact Form

Response within 30 days

General Inquiries

hello@pulcova.store

For general questions about our services

Related Legal Documents

Privacy Policy Cookie Policy Terms & Conditions

Business Information:
Pulcova - Full Stack Software Engineering Services
Individual Software Engineer/Freelancer
Operating globally, serving clients worldwide

1