GDPR Compliance

Your data protection rights under the General Data Protection Regulation and our commitment to data privacy.

Last Updated: March 21, 2026

Our Commitment to GDPR

At DoFo//ow, we are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains your rights under GDPR, how we comply with the regulation, and how you can exercise your rights.

The GDPR is a comprehensive data protection law that gives individuals in the European Union (EU) and European Economic Area (EEA) greater control over their personal data. Even if you're not located in the EU/EEA, we apply these same privacy standards to all our users worldwide.

Your GDPR Rights

Under GDPR, you have several rights regarding your personal data. Below is a detailed explanation of each right and how you can exercise it on our platform.

Right to Access

Response: Within 30 days

You have the right to request access to your personal data and obtain information about how we process it.

What this means for you:

  • Request a copy of all personal data we hold about you
  • Receive information about the purposes of processing
  • Learn about the categories of data we collect
  • Understand who we share your data with
  • Know the retention period for your data

Right to Rectification

Response: Within 30 days

You have the right to request correction of inaccurate or incomplete personal data.

What this means for you:

  • Correct any inaccurate personal information
  • Complete incomplete personal data
  • Update outdated information
  • Amend misleading data
  • Add supplementary information

Right to Erasure

Response: Within 30 days

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.

What this means for you:

  • Data is no longer necessary for its original purpose
  • You withdraw consent for data processing
  • You object to processing and there are no overriding legitimate grounds
  • Data has been unlawfully processed
  • Compliance with a legal obligation requires deletion

Right to Restriction

Response: Immediate

You can request that we restrict the processing of your personal data in specific situations.

What this means for you:

  • Contest the accuracy of your personal data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification
  • Limit use of data while disputes are resolved

Right to Data Portability

Response: Within 30 days

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

What this means for you:

  • Receive data in a machine-readable format
  • Transfer data to another service provider
  • Export your campaign data and analytics
  • Download transaction history
  • Obtain copies of uploaded content

Right to Object

Response: Immediate for marketing

You have the right to object to certain types of processing, including direct marketing and processing based on legitimate interests.

What this means for you:

  • Object to direct marketing at any time
  • Object to processing based on legitimate interests
  • Object to automated decision-making and profiling
  • Stop receiving promotional communications
  • Opt out of analytics and tracking

Legal Basis for Processing

Under GDPR, we must have a valid legal basis for processing your personal data. We process your data based on one or more of the following legal grounds:

Consent

You have given clear consent for us to process your personal data for specific purposes.

Examples: Marketing communications, optional analytics, cookie preferences

Contract

Processing is necessary for the performance of a contract with you or to take steps before entering into a contract.

Examples: Account creation, service delivery, payment processing, order fulfillment

Legal Obligation

Processing is necessary for compliance with legal obligations to which we are subject.

Examples: Tax records, fraud prevention, regulatory compliance, legal proceedings

Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, except where overridden by your rights.

Examples: Platform security, fraud detection, service improvement, business analytics

Data Protection Measures

We implement comprehensive technical and organizational measures to ensure a level of security appropriate to the risk, including:

Technical Measures

  • End-to-end encryption for data transmission
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication options
  • Automated backup and disaster recovery

Organizational Measures

  • Staff training on data protection
  • Strict access controls and authentication
  • Data processing agreements with vendors
  • Regular compliance audits and reviews
  • Incident response and breach notification procedures

International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your data, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequacy decisions from the European Commission
  • Binding Corporate Rules for data transfers within corporate groups
  • Your explicit consent for specific transfers when required

For more information about how we transfer data internationally, please contact our Data Protection Officer.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

1

Notify Authorities

Report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.

2

Notify Affected Users

Inform you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.

3

Provide Clear Information

Describe the nature of the breach, the likely consequences, and the measures we're taking to address it.

4

Offer Guidance

Provide recommendations on steps you can take to protect yourself and mitigate potential harm.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Use Your Account Settings: Access, update, or delete most of your personal information directly through your account dashboard.
Contact Our Data Protection Officer: Email privacy@dofollow.pro with your request. We'll verify your identity and respond within the required timeframe.
Submit a Formal Request: Use our data subject request form for complex requests or multiple rights.

Identity Verification: To protect your privacy, we may ask you to verify your identity before processing certain requests. This may include confirming your email address, answering security questions, or providing other identifying information.

Right to Lodge a Complaint

If you believe we have not handled your personal data properly or have violated your rights under GDPR, you have the right to lodge a complaint with a supervisory authority. While we encourage you to contact us first so we can address your concerns, you can file a complaint with:

  • The supervisory authority in your EU member state of residence or workplace
  • The supervisory authority where the alleged infringement occurred
  • Our lead supervisory authority if we operate in multiple EU countries

Contact Our Data Protection Officer

If you have questions about GDPR, want to exercise your rights, or need assistance with data protection matters, please contact our dedicated Data Protection Officer.

Email: privacy@dofollow.pro

Response Time: Within 48 hours for initial acknowledgment

Request Processing: Within 30 days for most GDPR requests

Email Data Protection Officer