GDPR Compliance

Last Updated: May 5, 2025

Table of Contents

1. Introduction

At Studio2C OÜ, we are committed to protecting your personal data and respecting your privacy. This GDPR Compliance Statement explains how we comply with the European Union's General Data Protection Regulation (GDPR) in relation to our Scrivibe service (the "Service").

This statement should be read alongside our Privacy Policy, which provides more detailed information about our data processing practices.

2. Data Controller Information

Under the GDPR, Studio2C OÜ acts as the Data Controller for personal data collected through our Service. Our contact details are:

Studio2C OÜ
Peterburi tee 4-13, Lasnamäe linnaosa
11411 Tallinn (Harju) Estonia
VAT: EE102309832
Registry: 16087121
Email: support@studio2c.es

3. Personal Data We Collect

We collect and process personal data as outlined in our Privacy Policy. This may include:

  • Account information (name, email, username, etc.)
  • Payment information
  • User-generated content and eBook data
  • Usage data and analytics
  • Communication data (when you contact our support)
  • Technical data (IP address, device information, cookies, etc.)

Under the GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:

  • Contract Performance: Processing necessary for the performance of our contract with you to provide the Service.
  • Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes improving our Service, marketing, and preventing fraud.
  • Legal Obligation: Processing necessary to comply with our legal obligations.
  • Consent: Where you have given us specific consent to process your data for particular purposes.

5. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another controller.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
  • Rights Related to Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

6. How to Exercise Your Rights

You may exercise your rights by contacting us at gdpr@studio2c.es. We will respond to your request within one month of receiving it. In certain cases, we may extend this period by up to two additional months if necessary, taking into account the complexity and number of requests.

If we do not take action on your request, we will inform you without delay and at the latest within one month of receiving your request, explaining why and informing you of your right to lodge a complaint with a supervisory authority.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

7. Data Security Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of the effectiveness of security measures
  • Secure network architecture and access controls
  • Regular security assessments and audits
  • Staff training on data protection and security procedures
  • Physical security measures for our facilities

8. Data Retention Policy

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements.

In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

9. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Using specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data the same protection it has in Europe.
  • If transferring data to the US, ensuring the recipient is part of the Privacy Shield (where applicable).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

10. Data Breach Procedures

We have procedures in place to deal with any suspected personal data breach. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

11. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our Service. For detailed information about the cookies we use and your choices regarding cookies, please see our Cookie Policy.

12. Changes to this Policy

We may update this GDPR Compliance Statement from time to time. We will notify you of any changes by posting the new statement on this page and updating the "Last Updated" date at the top of this statement.

We encourage you to review this statement periodically to stay informed about our data protection practices.

13. Contact Information

Studio2C OÜ

If you have any questions about this GDPR Compliance Statement or our data practices, please contact us:

Peterburi tee 4-13, Lasnamäe linnaosa
11411 Tallinn (Harju) Estonia
VAT: EE102309832
Registry: 16087121
Email: gdpr@studio2c.es

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. The supervisory authority in Estonia is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

Return to Top ↑
Terms of Service Privacy Policy Copyright Policy Acceptable Use GDPR Compliance Cookie Policy
Cookie Consent

We use cookies to enhance your experience. Essential cookies are necessary for the website to function properly.