GDPR Compliance

1. Our Commitment to GDPR

Skyline DevHub is fully committed to compliance with the European Union General Data Protection Regulation (GDPR). We implement comprehensive policies, technical controls, and organizational measures to protect personal data using a defense-in-depth approach.

2. Legal Basis for Data Processing

Under GDPR Article 6, we process personal data only with a valid legal basis:

Contractual Necessity

Account creation, service delivery, payment processing, and customer support.

Legitimate Interests

Fraud prevention, security monitoring, service improvement, and marketing communications (with opt-out).

Legal Obligation

Tax reporting, responses to authority requests, and legally mandated record keeping.

Consent

Marketing communications, cookies, and optional data collection. Consent may be withdrawn at any time.

3. Your Rights Under GDPR

Right to Access (Article 15)

You may obtain confirmation of whether we process your data and request access to it. Contact privacy@skylinedevhub.com; we will respond within 30 days.

Right to Rectification (Article 16)

You may correct inaccurate or incomplete personal data. Update your account settings directly or contact us for corrections, which take effect immediately.

Right to Erasure (Article 17)

You may request deletion of your personal data when: the data is no longer necessary, consent is withdrawn, an objection is valid, processing was unlawful, or a legal obligation requires it. Deletion requests are processed within 30 days, with exceptions for legal retention requirements.

Right to Restriction (Article 18)

You may restrict processing in certain situations. Contact our Data Protection Officer; your data will be marked and processing limited accordingly.

Right to Data Portability (Article 20)

You may receive your personal data in a structured, machine-readable format (JSON). Request via your dashboard or email; delivered within 30 days.

Right to Object (Article 21)

You may object to processing based on legitimate interests or for marketing purposes. Use unsubscribe links or contact us directly.

Right to Withdraw Consent (Article 7(3))

You may withdraw consent at any time via your account settings or by contacting us directly.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority. For EU-wide information, visit edpb.europa.eu.

4. Data Protection Principles (Article 5)

• Lawfulness, Fairness & Transparency — Valid legal basis, fair processing, clear communication
• Purpose Limitation — Specified, explicit, and legitimate purposes only
• Data Minimization — Only adequate, relevant, and necessary data collected
• Accuracy — Data maintained accurately and kept up to date; errors corrected promptly
• Storage Limitation — Retained only as long as necessary, then deleted or anonymized
• Integrity & Confidentiality — Appropriate technical and organizational security measures applied

5. Data Processing & Security Measures

Technical Measures

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Pseudonymization and anonymization where appropriate
• Role-based access controls
• Multi-factor authentication
• Automated vulnerability scanning
• Secure development lifecycle
• Regular penetration testing and audits

Organizational Measures

• Dedicated Data Protection Officer (DPO)
• Regular staff training on data protection
• Data Protection Impact Assessments (DPIAs)
• Documented information security policies
• Vendor due diligence and processor agreements
• Incident response and breach notification procedures
• Regular compliance audits
• Privacy by Design and Privacy by Default

6. International Data Transfers

For EU customers, data is stored exclusively in EU data centers. All cross-border data transfers employ appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the EU for third-country transfers
• Binding Corporate Rules for intra-group transfers
• Supplementary technical controls as additional measures
• Adequacy decisions for jurisdictions with adequate protection levels

Transfer Impact Assessments are conducted to evaluate risks per Schrems II guidance.

7. Data Processing Agreement

We provide Data Processing Agreements covering all data processing activities performed on behalf of clients, including transparent sub-processor lists with advance notification before adding new sub-processors. To request a DPA, contact legal@skylinedevhub.com; typical processing time is 5 business days.

8. Data Breach Notification

• Detection & Response — Continuous monitoring with immediate action upon detection
• Authority Notification — Within 72 hours as required by GDPR
• Individual Notification — Affected individuals notified promptly
• Documentation — Full documentation of breach scope, impact, and remediation steps

9. Contact

Data Protection Officer

Email: dpo@skylinedevhub.com

Address: Tirana, Albania

Response time: within 30 days

Privacy & Data Requests

Email: privacy@skylinedevhub.com