GDPR & Your Data Rights
How to exercise your data protection rights on Repsalio
1. Our Commitment to Your Privacy
Although Repsalio is registered in Serbia, we voluntarily comply with the General Data Protection Regulation (GDPR) to ensure the highest standards of data protection for all our users, regardless of their location.
This page provides a quick reference for exercising your data rights. For complete information, please see our Privacy Policy.
2. Your Data Rights at a Glance
| Right | What It Means | How to Exercise |
|---|---|---|
| Access (Art. 15) | Get a copy of your personal data | Profile Settings → Export Data |
| Rectification (Art. 16) | Correct inaccurate personal data | Edit your profile directly |
| Erasure (Art. 17) | Delete your account and data | Security Settings → Delete Account |
| Portability (Art. 20) | Download your data in JSON format | Profile Settings → Export Data |
| Restriction (Art. 18) | Limit how we process your data | Contact us |
| Object (Art. 21) | Object to processing based on legitimate interests | Contact us |
| Withdraw Consent | Withdraw previously given consent | Account Settings or contact us |
3. Step-by-Step: Exercising Your Rights
For Agents
- Export your data: Go to /agent/profile → Click "Export Data"
- Edit your profile: Go to /agent/profile → Update any field
- Delete your account: Go to /agent/profile/security → Click "Delete Account"
For Companies
- Export your data: Go to /company/profile → Click "Export Data"
- Edit your profile: Go to /company/profile → Update any field
- Delete your account: Go to /company/profile/security → Click "Delete Account"
For Other Requests
For requests to restrict processing, object to processing, or other GDPR-related inquiries, please contact us at office@repsalio.com.
4. Response Times
- Self-service requests: Instant (export, edit profile)
- Account deletion: Completed within 30 days
- Email requests: Initial response within 72 hours
- Complex requests: Maximum 30 days (as per GDPR)
We will always confirm receipt of your request and keep you informed about the progress.
5. Our Sub-processors
We share your data with the following service providers to operate our platform:
| Service | Purpose | Location |
|---|---|---|
| MongoDB Atlas | Database hosting | EU (Frankfurt) |
| Vercel | Hosting, file storage, analytics | EU/US |
| Resend | Email delivery | US (GDPR-compliant) |
| Raiffeisen Bank | Payment processing (bank wire transfers) | Serbia (EU-compliant) |
| Upstash | Rate limiting | EU (GDPR-compliant) |
| Cloudflare | Bot protection (Turnstile) | Global (GDPR-compliant) |
All sub-processors are contractually bound to comply with GDPR requirements through Data Processing Agreements (DPAs).
6. Where Your Data Is Stored
- Primary database: MongoDB Atlas in the EU (Frankfurt, Germany)
- File storage: Vercel Blob Storage (EU region preferred)
- Payment data: Billing information (company name, address, VAT) is stored in our database; bank transfers are processed by Raiffeisen Bank in Serbia
When data is transferred outside the EU, we ensure adequate safeguards through Standard Contractual Clauses (SCCs).
7. Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your national data protection authority.
For EU residents: Find your national Data Protection Authority at the European Data Protection Board.
We encourage you to contact us first so we can try to resolve your concerns directly.
8. Contact Our Data Protection Team
Email: office@repsalio.com
Subject line suggestion: "GDPR Request - [Your Request Type]"
Response time: Within 72 hours
For detailed information about our data practices, please see our Privacy Policy.