Dorpzo Piant
☰
Home About Courses Contact

GDPR Compliance

Last updated: May 26, 2026

1. Our Commitment to GDPR

Dorpzo Piant is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland.

This page outlines how we implement GDPR principles in our data processing activities.

2. Data Controller Information

For the purposes of GDPR, Dorpzo Piant acts as the data controller for personal information collected through our website and educational services.

Data Controller:
Dorpzo Piant
152 Beach Road, #14-07 Gateway East
Singapore 189721
Email: [email protected]

3. Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so under GDPR Article 6:

3.1 Contractual Necessity (Art. 6(1)(b))

Processing is necessary to perform our contract with you, including:

  • Providing access to purchased courses
  • Processing enrollments and managing your account
  • Delivering course materials and certificates
  • Providing customer support

3.2 Legitimate Interests (Art. 6(1)(f))

Processing is necessary for our legitimate interests, such as:

  • Improving our educational content and services
  • Analyzing website usage to enhance user experience
  • Preventing fraud and ensuring security
  • Internal administration and business operations

3.3 Consent (Art. 6(1)(a))

For activities requiring explicit consent, such as:

  • Marketing communications and newsletters
  • Non-essential cookies and tracking
  • Sharing testimonials or case studies

3.4 Legal Obligation (Art. 6(1)(c))

Processing required to comply with legal obligations, including:

  • Tax and accounting requirements
  • Responding to lawful requests from authorities
  • Maintaining records as required by law

4. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

4.1 Right of Access (Art. 15)

You have the right to obtain confirmation about whether we process your personal data and receive a copy of that data.

4.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete personal data we hold about you.

4.3 Right to Erasure (Art. 17)

You can request deletion of your personal data under certain circumstances, including:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent and no other legal basis exists
  • You object to processing based on legitimate interests
  • The data was unlawfully processed

4.4 Right to Restriction of Processing (Art. 18)

You can request limitation of processing when:

  • You contest the accuracy of your personal data
  • Processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

4.5 Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

4.6 Right to Object (Art. 21)

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

4.7 Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of the extension.

6. Data Protection Principles

We adhere to GDPR's core data protection principles:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and transparently
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes
  • Data minimization: We collect only data adequate, relevant, and necessary for our purposes
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We implement appropriate security measures
  • Accountability: We demonstrate compliance with GDPR principles

7. Data Security Measures

We implement technical and organizational security measures appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response and data breach notification procedures
  • Regular backups and disaster recovery planning

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Document all data breaches and our response measures

9. International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Binding Corporate Rules where applicable

10. Third-Party Processors

We work with third-party service providers who process data on our behalf. We ensure these processors:

  • Provide sufficient guarantees of GDPR compliance
  • Process data only on our documented instructions
  • Maintain appropriate security measures
  • Are bound by written data processing agreements

11. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or significantly affects individuals.

12. Children's Data

We do not knowingly process personal data of children under 16 without parental consent. If we become aware of such processing, we will delete the data promptly.

13. Data Protection Officer

For questions about our GDPR compliance or to exercise your rights, contact our data protection team:

Email: [email protected]

14. Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated through our website.

Dorpzo Piant

Professional IT security and digital literacy education for individuals and organizations.

Quick Links

About Us All Courses Contact

Legal

Privacy Policy GDPR Compliance Cookie Policy Terms of Use

© 2026 Dorpzo Piant. All rights reserved.