GDPR Compliance
Last updated: December 19, 2025
Overview
dbTAGS is fully committed to complying with the General Data Protection Regulation (GDPR). This page provides detailed information about how we handle the personal data of users located in the European Economic Area (EEA), United Kingdom, and Switzerland.
Data Controller
dbTAGS acts as the Data Controller for personal data collected through our services. We determine the purposes and means of processing your personal data.
Contact:
Email: privacy@dbtags.com
Data Protection Officer: dpo@dbtags.com
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
Contract Performance (Art. 6(1)(b))
Processing necessary to provide our label design and inventory management services.
Consent (Art. 6(1)(a))
For marketing communications and optional features. You can withdraw consent at any time.
Legitimate Interests (Art. 6(1)(f))
Service improvement, fraud prevention, and security measures.
Legal Obligation (Art. 6(1)(c))
Tax records, regulatory compliance, and legal requirements.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
π Right of Access (Art. 15)
Request a copy of all personal data we hold about you.
βοΈ Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete data.
ποΈ Right to Erasure (Art. 17)
Request deletion of your data ("right to be forgotten").
βΈοΈ Right to Restrict (Art. 18)
Request limitation of how we process your data.
π¦ Right to Portability (Art. 20)
Receive your data in a machine-readable format.
β Right to Object (Art. 21)
Object to processing based on legitimate interests.
Data We Process
| Data Type | Purpose | Retention |
|---|---|---|
| Account Information | Service provision, authentication | Duration of account + 30 days |
| Inventory Data | Core service functionality | Duration of account + 30 days |
| Payment Data | Billing, subscription management | 7 years (legal requirement) |
| Usage Analytics | Service improvement | 26 months (anonymized) |
International Data Transfers
Your data may be transferred to and processed in countries outside the EEA. We ensure GDPR-compliant protection through:
- Standard Contractual Clauses (SCCs) with service providers
- Adequacy decisions where applicable
- Additional technical and organizational safeguards
Our Sub-processors: Supabase (database hosting), Stripe (payments), Vercel (website hosting), Google Analytics (anonymized analytics)
Security Measures
We implement appropriate technical and organizational measures to ensure data security:
How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Email our Data Protection Officer at dpo@dbtags.com
- Use the data export/delete features in your account settings
- Contact us through our support system
We will respond to your request within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you.
Supervisory Authority
If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities can be found on the European Data Protection Board website.
Contact Our Data Protection Officer
For any GDPR-related questions or to exercise your rights:
Email: dpo@dbtags.com
Response Time: Within 30 days