🇪🇺 EU Data Protection Rights
This notice applies to individuals in the European Union. We take your data rights seriously, unlike scammers who take your data period.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives EU residents control over their personal data. It applies to any organization that processes personal data of EU residents, regardless of where the organization is located.
It's the law that makes companies actually care about your privacy instead of just pretending to.
Data Controller Information
PhishDestroy acts as the data controller for the personal data we process. You can contact us at:
Your Rights Under GDPR
As an EU resident, you have the following rights:
- Right to Information: Know what data we collect and why
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent at any time
What Data We Collect
We collect minimal personal data:
- Threat reports submitted through our channels
- Technical information (IP addresses, browser data) for security
- Contact information if you reach out to us
We collect way less data than your average social media app, and we actually use it for good purposes.
Legal Basis for Processing
We process personal data based on:
- Legitimate Interest: Protecting internet users from threats
- Consent: When you voluntarily submit reports
- Legal Obligation: Compliance with applicable laws
Data Retention
We retain personal data only as long as necessary for:
- Threat analysis and prevention
- Legal compliance requirements
- Legitimate security interests
Threat intelligence data may be retained longer for security purposes, but is anonymized when possible.
International Transfers
Your data may be transferred outside the EU for processing. When this occurs, we ensure appropriate safeguards through:
- Standard Contractual Clauses
- Adequacy decisions
- Other approved transfer mechanisms
Exercising Your Rights
To exercise your GDPR rights:
- Send an email to privacy@phishdestroy.io
- Include "GDPR Request" in the subject line
- Specify which right you want to exercise
- Provide identification to verify your identity
- Be specific about what data you're requesting
We respond to legitimate requests faster than scammers respond to anything official.
Response Timeline
We will respond to your GDPR requests:
- Within 1 month of receiving a valid request
- Extended to 3 months for complex requests
- We'll inform you if an extension is needed
Complaints
If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with:
- Your local data protection authority
- The data protection authority in your EU member state
- The European Data Protection Board
Automated Decision Making
We use automated systems for threat detection and analysis, but these do not make decisions that significantly affect individuals. Our automated systems are designed to:
- Identify malicious websites and domains
- Analyze threat patterns
- Generate security intelligence
Data Protection by Design
We implement data protection principles throughout our systems:
- Data minimization - we collect only what's necessary
- Purpose limitation - data is used only for stated purposes
- Storage limitation - data is kept only as long as needed
- Security measures - appropriate technical protections
Updates to This Notice
We may update this GDPR notice to reflect changes in law or our practices. We will notify you of significant changes through our website or direct communication if required.
Contact Information
For GDPR-related questions or requests:
We actually read and respond to privacy requests, unlike the fake "privacy" policies on scam sites.