GDPR Compliance
Regulation (EU) 2016/679 - General Data Protection Regulation
1. Our Commitment
Sklaveni is committed to protecting your personal data in compliance with the GDPR. As our platform serves users across the European Union, we apply GDPR standards to all users regardless of location.
2. Data Controller
Sklaveni is the data controller for personal data processed through sklaveni.com. Contact: info@sklaveni.com.
3. Data We Process
| Category | Examples | Purpose |
|---|---|---|
| Identity | Username, email, phone | Account creation, verification |
| Profile | Age, location, role, bio, photos | Profile display |
| Verification | Phone number, OTP codes | Phone verification (optional/mandatory by role) |
| Technical | IP address, cookies, timestamps | Security, session management |
| Social Login | Provider ID, email | Authentication |
| Special Category | Sexual orientation (profile field) | Explicit consent required |
4. Legal Basis
- Art. 6(1)(a): Consent - you explicitly consent during registration.
- Art. 6(1)(b): Contract - data needed to provide the service.
- Art. 6(1)(c): Legal obligation - age verification (18+).
- Art. 6(1)(f): Legitimate interest - platform security.
- Art. 9(2)(a): Explicit consent for special category data (sexual orientation).
5. Your Rights Under GDPR
| Right | Article | How to Exercise |
|---|---|---|
| Access | Art. 15 | Request a copy of your data via email |
| Rectification | Art. 16 | Edit your profile or contact us |
| Erasure | Art. 17 | Request account deletion via email |
| Restriction | Art. 18 | Request processing limitation |
| Portability | Art. 20 | Receive your data in machine-readable format |
| Objection | Art. 21 | Object to processing based on legitimate interest |
| Withdraw Consent | Art. 7(3) | Withdraw consent at any time |
6. Data Transfers
Your data is stored on servers within the European Union. We do not transfer personal data outside the EU without adequate safeguards.
7. Data Retention
- Account data: retained while account is active.
- OTP codes: deleted after verification (max 5 minutes).
- Deleted account data: removed within 30 days.
- Legal records: retained as required by applicable law.
8. Data Protection Measures
- HTTPS encryption for all data in transit.
- Password hashing with bcrypt + HMAC-SHA256.
- CSRF protection on all forms.
- Prepared SQL statements to prevent injection.
- Session management with secure cookies.
- Phone verification (OTP) optional for Slaves/Explorers, mandatory for Mistresses/Masters.
9. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by Art. 33-34 GDPR.
10. Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority. For Italian users: Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).
11. DPO Contact
For GDPR-related inquiries or to exercise your rights, contact our Data Protection Officer at info@sklaveni.com.