Committed to data protection
FlyingPapers is fully committed to compliance with the General Data Protection Regulation (GDPR). Here's how we protect your data rights.
GDPR Compliant Since Day One
FlyingPapers was built with privacy and data protection at its core. We don't just comply with GDPR — we embrace it as a fundamental part of how we build and operate our platform.
Your Data Rights
Under GDPR, you have the following rights regarding your personal data
Right of Access
Request a complete copy of all personal data we hold about you. We will provide this within 30 days of your request.
Right to Rectification
Request correction of any inaccurate or incomplete personal data. You can also update most information directly in your account settings.
Right to Erasure
Request deletion of your personal data ("right to be forgotten"). We will comply unless we have a legitimate legal basis for retention.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format (JSON/CSV) that you can transfer to another service.
Right to Object
Object to processing of your personal data for specific purposes, including direct marketing and profiling.
Right to Restrict Processing
Request that we limit the processing of your personal data while a complaint or objection is being resolved.
How to Exercise Your Rights
Submit a Request
Contact our Data Protection Officer via the contact form or email. Clearly state which right you wish to exercise.
Identity Verification
For your protection, we may need to verify your identity before processing your request. This is typically done through your registered email address.
Processing
We will acknowledge your request within 3 business days and complete it within 30 days. If we need more time due to complexity, we will inform you within the initial 30-day period.
Resolution
You will receive confirmation once your request has been fulfilled. If we are unable to comply with any aspect of your request, we will explain our reasoning.
Technical & Organizational Measures
The safeguards we have in place to protect your personal data
Data Protection by Design
- Privacy impact assessments for new features
- Minimal data collection principle
- End-to-end encryption for document transfers
- Automatic data anonymization after retention period
Data Processing
- Clear legal basis for all data processing
- Documented data processing agreements (DPA)
- Sub-processor due diligence and monitoring
- Regular audits of data processing activities
International Transfers
- EU-based primary data storage
- Standard Contractual Clauses (SCCs) where needed
- Transfer impact assessments conducted
- Compliance with Schrems II requirements
Organizational Measures
- Designated Data Protection Officer
- Regular staff privacy training
- Incident response procedures (72-hour notification)
- Records of processing activities maintained
Legal Basis for Processing
Contract Performance
Processing necessary to provide you with the FlyingPapers service, manage your account, and fulfill our contractual obligations to you.
Legitimate Interest
Processing for platform security, fraud prevention, service improvement through aggregated analytics, and ensuring platform stability and performance.
Consent
Where we rely on your consent for specific processing activities (such as marketing communications), you can withdraw your consent at any time through your account settings.
Legal Obligation
Processing required to comply with applicable laws and regulations, including tax obligations and responding to lawful requests from public authorities.
Contact Our Data Protection Officer
For any GDPR-related inquiries, data access requests, or to exercise any of your data rights, please contact our Data Protection Officer.
You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.