Skip to main content

Data protection

We protect your sensitive data according to GDPR (General Data Protection Regulation)—a set of rules designed to give you more control over your personal data. It simplifies the regulatory environment so both citizens and businesses can fully benefit from the digital economy.

Data protection principles

We process your data according to seven protection and accountability principles outlined in GDPR Article 5.1-2:

  • Lawfulness, fairness, and transparency — Processing is lawful, fair, and transparent to you.

  • Purpose limitation — We process data only for the legitimate purposes specified explicitly to you when we collect it.

  • Data minimization — We collect and process only as much data as absolutely necessary for the purposes specified.

  • Accuracy — We keep your personal data accurate and up to date.

  • Storage limitation — We store personally identifying data only for as long as necessary for the specified purpose.

  • Integrity and confidentiality — We process data in a way that ensures appropriate security, integrity, and confidentiality.

  • Accountability — We're responsible for demonstrating GDPR compliance with all of these principles.

Your data protection rights

You're entitled to the following rights:

  • Right to access — Request copies of your personal data. We may charge a small fee for this service.

  • Right to rectification — Request that we correct any information you believe is inaccurate, or complete information you believe is incomplete.

  • Right to erasure — Request that we erase your personal data under certain conditions.

  • Right to restrict processing — Request that we restrict the processing of your personal data under certain conditions.

  • Right to object to processing — Object to our processing of your personal data under certain conditions.

  • Right to data portability — Request that we transfer the data we've collected to another organization, or directly to you, under certain conditions.

Reasons for erasure request

Given the sensitive nature of erasing personal data, GDPR Article 17(1) requires certain conditions to be met before a request may be considered.

Supply us with the reason you want your data erased:

  • Your personal data is no longer necessary for the purposes for which we originally collected it.

  • You no longer consent to our processing of your personal data.

  • You object to our processing of your personal data as is your right under Article 21 of the GDPR.

  • Your personal data has been unlawfully processed.

  • We're subject to a legal obligation of the EU or Member State that requires the erasure of your personal data.

  • You're a child, you represent a child, or you were a child at the time of the data processing, and your personal data was used to offer you information society services.

Contact us

To exercise any of these rights, contact us at hello@ducalis.io.

Last updated: Jan 6, 2026