GDPR Compliance

General Data Protection Regulation (EU) 2016/679

Our GDPR Commitment

RoxyProxy is fully compliant with the General Data Protection Regulation (GDPR). As a company based in France, we strictly adhere to the European Union's data protection principles.

Fundamental principles applied:

  • Lawfulness, fairness and transparency of processing
  • Purpose limitation (data collected for specific purposes)
  • Data minimization (strictly necessary)
  • Accuracy and keeping data up to date
  • Storage limitation
  • Integrity and confidentiality (enhanced security)

Your Detailed Rights

1. Right of Access (Art. 15 GDPR)

You can obtain:

  • Confirmation whether or not we process your data
  • Full copy of your personal data
  • Information about purposes, recipients, retention periods
  • Response time: 30 days maximum

2. Right to Rectification (Art. 16 GDPR)

Immediately correct any inaccurate or incomplete data concerning you. Real-time updates via your Telegram interface or upon request.

3. Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

Request deletion of your data if:

  • They are no longer necessary in relation to the purposes
  • You withdraw your consent
  • You object to the processing
  • They have been unlawfully processed

Exception: Mandatory retention for compliance with legal obligations (invoices 10 years, security logs 7 days minimum)

4. Right to Restriction of Processing (Art. 18 GDPR)

Temporarily suspend processing of your data while verifying their accuracy, contesting their lawfulness, or pending the outcome of a complaint.

5. Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, commonly used and machine-readable format (JSON, CSV) to:

  • Keep it for your personal use
  • Transmit it to another service provider

6. Right to Object (Art. 21 GDPR)

Object at any time to:

  • Processing for direct marketing purposes (marketing opt-out)
  • Processing based on legitimate interest
  • Automated profiling (if applicable)

7. Right to Withdraw Consent (Art. 7(3) GDPR)

Withdraw your consent at any time (analytical cookies, marketing communications). Withdrawal does not affect the lawfulness of prior processing.

How to Exercise Your Rights?

📱 Via Telegram

Priority and fastest method:

@roxyproxyshop

Response within 48h on average

📧 By Email

With proof of identity (protection against impersonation):

Contact us via our Telegram support to obtain the DPO email

⏱️ Legal response times:

  • Standard: 1 month maximum (Art. 12.3 GDPR)
  • Possible extension of 2 months in case of complexity (with notification)
  • No fee for the first request

Complaint to the CNIL

If you believe your GDPR rights are not being respected, you can lodge a complaint with the French supervisory authority:

Commission Nationale de l'Informatique et des Libertés (CNIL)

Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

📞 Phone: 01 53 73 22 22

🌐 Website: www.cnil.fr

Online complaint: www.cnil.fr/fr/plaintes

Data Transfers Outside the EU

No transfers outside the European Union. All our infrastructure is hosted in France (OVH Gravelines/Roubaix). Your data benefits from the maximum level of GDPR protection without the need for additional safeguards.

Data Breaches

In the event of a data breach likely to affect your rights and freedoms, we commit to:

  • Notify the CNIL within 72 hours (Art. 33 GDPR)
  • Inform you without undue delay if the risk is high (Art. 34 GDPR)
  • Document the incident and corrective measures taken

✓ Track record: No data breaches reported since our creation.

Impact Assessment (DPIA)

In accordance with Art. 35 GDPR, we have conducted a Data Protection Impact Assessment (DPIA) for our high-risk processing activities. The findings confirm the proportionality of our security measures.

Sub-processors & DPA

Our sub-processors (hosting, payment) are bound by Data Processing Agreements (DPA) compliant with Art. 28 GDPR:

Hosting

OVH SAS (France) - ISO 27001, HDS certified

Payment

Stripe Inc., PayPal - PCI-DSS, GDPR compliant