โ๏ธ
Lawfulness &
Transparency
๐
Integrity &
Confidentiality
๐ค
Rights of
Data Subjects
1. Core Principles (GDPR Art. 5)
We process your data according to the following 7 key principles:
- Lawfulness, Fairness, and Transparency: Data is processed legally and transparently.
- Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
- Data Minimization: We only collect what is strictly necessary.
- Accuracy: We keep data accurate and up to date.
- Storage Limitation: Data is deleted once the purpose is fulfilled.
- Integrity and Confidentiality: We use robust security measures to protect your data.
- Accountability: We are responsible for and can demonstrate compliance with these principles.
2. Data Controller & DPO
The Data Controller for this service is hanjinkim.
Data Protection Officer (DPO):
Email:
3. Information We Collect
| Category |
Items |
Legal Basis (GDPR Art. 6) |
| User Content |
Paste content body |
Performance of a contract |
| Security |
Hashed passwords (BCRYPT) |
Legitimate interests (Security) |
| Technical |
IP addresses, Access logs |
Legitimate interests (Security) |
4. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access: You can request a copy of your data.
- Right to Rectification: You can request correction of inaccurate data.
- Right to Erasure ('Right to be Forgotten'): You can request deletion of your data.
- Right to Restrict Processing: You can request a limit on how we use your data.
- Right to Data Portability: You can request your data in a structured, machine-readable format.
- Right to Object: You can object to data processing based on legitimate interests.
To exercise these rights, please contact our DPO via email. Note: For anonymous pastes, we may require the content's password to verify ownership.
5. International Data Transfers
Your data is stored and processed in South Korea (the location of our servers via Vercel/PostgreSQL). South Korea has an Adequacy Decision from the European Commission, ensuring an equivalent level of data protection to that of the EU (GDPR Art. 45).
6. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the competent supervisory authority and the affected data subjects within 72 hours of becoming aware of the breach, where feasible.