danyvin.com

Privacy Policy

Updated: 2025-09-25

This Privacy Policy explains how danyvin ("we", "us", "our") processes personal data when you visit danyvin.com, create an account, download tracks, or purchase licenses. We act as a data controller under the EU General Data Protection Regulation (GDPR).

1) Who we are & how to contact us

  • Legal name: Danyl Vindiuk
  • Company/ID (IČO): 56150181
  • VAT (IČ DPH): SK3121891190
  • Address: Slovakia, Dolná 17, 969 01 Banská Štiavnica
  • Privacy/DSAR email: privacy@danyvin.com

You also have the right to lodge a complaint with your local data protection authority in the EEA.

2) Data we collect

Provided by you

  • Account data: email, username/login, password (stored securely).
  • Orders & licenses: purchase history, downloads, issued licenses, invoices.
  • Communications: support requests, form submissions.

Collected automatically

  • Technical metadata: IP address, device/browser type, language, referrer, events (logins, errors).
  • Cookies & similar tech (including localStorage). See the Cookie Policy for details.

From third parties

  • Payment processors (transaction identifiers, anti‑fraud signals).
  • Email/CDN/infra providers (delivery status, access metadata as needed).

3) Purposes & legal bases (GDPR Art. 6)

  • Provide the service / perform a contract: account creation, order processing, access to downloads/licenses, customer support. Legal basis: performance of a contract.
  • Security & abuse prevention: access logging, anomaly detection, rate limits. Legal basis: legitimate interests.
  • Marketing emails: only with your explicit opt‑in (and limited service announcements to existing customers where permitted). You can unsubscribe anytime. Legal basis: consent / legitimate interests.
  • Legal obligations: accounting/tax compliance, responses to lawful requests. Legal basis: legal obligation.
  • Analytics: not in use at this time. If introduced, we will update this Policy and obtain consent where required.

4) Cookies & similar technologies

  • Strictly necessary: session, security, language, basic preferences — operate without consent.
  • Functional/analytics/marketing: set only with your consent via the cookie banner. As of the update date, we do not use analytics or marketing cookies.

You can manage choices via the cookie banner. If your browser sends a Global Privacy Control (GPC) signal, we treat it as an opt‑out of non‑essential cookies/tags to the extent required by applicable law. See our separate Cookie Policy for details.

5) Who we share data with (recipients/processors)

We engage service providers as processors and share only what is necessary:

  • Payments: Stripe — transaction processing and fraud prevention.
  • Email (transactional): Mailgun — delivery of system messages (receipts, notifications).
  • CDN/security: Cloudflare — performance and protection of static resources and traffic.
  • Hosting/infrastructure: our hosting provider (may change; details available upon request).

Data may also be disclosed to banks, accountants, auditors, or legal advisers where necessary and lawful.

6) International transfers

Personal data may be transferred outside the EEA (e.g., to providers in the United States). Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and/or participation of recipients in approved frameworks like the EU‑US Data Privacy Framework, and we apply minimisation and protection during transit.

7) Data retention

We retain personal data only as long as needed for the purposes described or to meet legal obligations:

  • Account & purchase history: until account deletion + 3 years after deactivation/last activity.
  • Licenses & invoices: 10 years (tax/accounting).
  • Security technical logs: 90 days.
  • Support history: 3 years.

8) Your rights (GDPR)

You may access, correct, delete, restrict, object, port your data, and withdraw consent at any time. Send requests from your account email to privacy@danyvin.com. We typically respond within 30 days.

9) California residents (CPRA)

We do not sell or share personal information for cross‑context behavioral advertising, and we do not target a significant audience in California. We honor Global Privacy Control (GPC) signals by disabling non‑essential tags where applicable.

10) Automated decisions & profiling

We do not make decisions producing legal or similarly significant effects based solely on automated processing.

11) Security

We implement technical and organisational measures: TLS in transit, role‑based access controls, logging, backups, regular updates, and least‑privilege principles. No online service can guarantee absolute security, but we aim for an appropriate level of protection.

12) Children

The service is not intended for individuals under 16 in the EEA and under 13 in the United States (COPPA). We do not knowingly collect children's data. If you believe a child provided data without parental/guardian consent, contact us and we will delete it.

13) Complaints

If you believe our processing violates GDPR, you can contact us at privacy@danyvin.com or lodge a complaint with your local data protection authority.

14) Changes to this Policy

We may update this Policy periodically. The updated version will be posted on this page with a new "Updated" date. If changes are material, we will notify you by email and/or via an on-site banner.

Download PDF