gdpr-compliance.txt

$ GDPR Compliance

Last updated: January 1, 2026

1. Introduction

This page explains how OpalRune complies with the General Data Protection Regulation (GDPR) of the European Union. Although we are based in the Philippines, we recognize the data protection rights of all our users, wherever they may reside.

We also comply with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines, which shares many provisions with the GDPR.

2. Data Controller

The data controller for your personal data is:

The data controller decides how and why your personal data is processed. We are responsible for ensuring that processing complies with the GDPR.

3. Your Rights Under the GDPR

Under the GDPR, you have the following rights. We take each of these seriously.

3.1 Right of Access (Right of Access - Article 15)

You have the right to:

  • Know whether we process your personal data
  • Obtain a copy of your personal data
  • Know the purpose of processing
  • Know the categories of data being processed
  • Know with whom your data is shared
  • Know the retention period of your data

To request access to your data, email support@opalrune.com with the subject line "GDPR Data Access Request".

3.2 Right to Rectification (Right to Rectification - Article 16)

You have the right to:

  • Request correction of errors in your personal data
  • Request completion of incomplete data
  • Update your data at any time

Email support@opalrune.com with the subject line "GDPR Data Correction Request" and indicate what data needs to be corrected.

3.3 Right to Erasure (Right to Erasure / Right to be Forgotten - Article 17)

You have the right to request erasure of your personal data if:

  • The data is no longer needed for the original purpose
  • You have withdrawn your consent
  • You object to processing and there is no stronger reason to continue
  • The data is being processed unlawfully
  • The data needs to be erased to comply with a legal obligation

Email support@opalrune.com with the subject line "GDPR Data Deletion Request". We will delete your data within 30 days, unless there is a legal reason to retain it.

3.4 Right to Restriction of Processing (Right to Restriction of Processing - Article 18)

You have the right to restrict the processing of your data if:

  • You are questioning the accuracy of your data
  • The processing is unlawful but you prefer restriction over deletion
  • We no longer need the data but you need it for legal claims
  • You object to processing while we verify whether there is a stronger reason

Email support@opalrune.com with the subject line "GDPR Processing Restriction Request".

3.5 Right to Data Portability (Right to Data Portability - Article 20)

You have the right to:

  • Receive your personal data in a structured, commonly used, and machine-readable format (for example, JSON or CSV)
  • Transfer your data to another service provider
  • Request that we directly transfer your data to another controller, if technically feasible

Email support@opalrune.com with the subject line "GDPR Data Portability Request" and indicate what format you prefer.

3.6 Right to Object (Right to Object - Article 21)

You have the right to object to the processing of your data if:

  • The processing is based on legitimate interest or public interest
  • Your data is being used for direct marketing
  • Your data is being used for profiling
  • Your data is being used for research or statistical purposes

When you object to direct marketing, we will immediately stop processing. For other cases, we will stop processing unless there is a compelling legitimate reason.

Email support@opalrune.com with the subject line "GDPR Processing Objection".

4. How to Withdraw Consent

If you have given consent for the processing of your data, you can withdraw it at any time. Here are the ways:

4.1 Via Email

Email support@opalrune.com and let us know you want to withdraw your consent. Include your name and email address so we can verify your identity.

4.2 For Newsletter

You can unsubscribe via the "unsubscribe" link in every newsletter email. You can also email us to remove your email from our mailing list.

4.3 For Cookies

You can manage your cookie preferences in the following ways:

  • Cookie Consent Banner: When you visit our website, you can choose which cookies to accept
  • Browser Settings: You can delete cookies and change your cookie settings in your browser
  • Email Request: Email us to request a reset of your cookie preferences

Note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

5. How We Protect Your Data

We use the following technical and organizational measures:

  • 256-bit SSL/TLS encryption for all data in transit
  • Encrypted storage for data at rest
  • Regular security audits and penetration testing
  • Strict access controls and authentication
  • Employee training on data protection
  • Data breach notification procedures (within 72 hours)
  • Regular backup and disaster recovery
  • Privacy by design and privacy by default in all our systems

6. Data Breach Notification

If a data breach occurs that may affect your rights and freedoms:

  • We will notify the appropriate supervisory authority within 72 hours
  • We will notify you directly if the breach may pose a high risk to your rights
  • We will provide details about the breach and the steps we are taking

7. International Data Transfers

If your data needs to be transferred outside the EU/EEA or the Philippines, we will use the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where available
  • Binding Corporate Rules where applicable

8. Data Processing Records

We maintain records of all data processing activities, including:

  • Categories of data being processed
  • Purposes of processing
  • Categories of data recipients
  • Retention periods
  • Technical and organizational security measures

9. Automated Decision-Making and Profiling

We currently do not use automated decision-making or profiling that has legal or similarly significant effects on you. If this changes in the future, we will inform you and request your consent.

10. Response Times

We will respond to all GDPR-related requests within:

  • 30 days: For most requests
  • 60 days: For complex requests (with prior notice)
  • 90 days: Maximum period for very complex requests

All requests are free. We will not charge for processing your GDPR requests, unless the requests are manifestly unfounded or excessive.

11. Complaints

If you are not satisfied with how we handle your data or requests, you have the right to:

  • File a complaint with us at support@opalrune.com
  • File a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph)
  • File a complaint with your local data protection authority in the EU (if you are an EU resident)
  • File a case in court for violations of your data protection rights

12. Updates to the GDPR Policy

We may update this page at any time to reflect changes in our practices or in the law. The date of the last update is always stated at the top of this page. We recommend that you regularly visit this page.

13. Contact Us

For any questions or requests related to GDPR and data protection:

Please include in your email:

  • Your full name
  • The email address you used on our platform
  • A clear description of your request
  • Any relevant details that can help us respond