GDPR Information
Last Updated: October 4, 2025
Your Privacy Matters: Under the General Data Protection Regulation (GDPR), you have comprehensive rights regarding your personal data. This page explains those rights and how to exercise them.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and personal data of EU citizens. It gives you control over your personal information and how organizations use it.
2. Data Controller
Motoristi.EU is the data controller for your personal information.
- Name: Motoristi.EU
- Location: Sofia, Bulgaria
- Contact: privacy@motoristi.eu
- Data Protection Officer: dpo@motoristi.eu
3. Your GDPR Rights
3.1 Right to Access (Article 15)
You have the right to obtain:
- Confirmation that we process your data
- A copy of your personal data
- Information about how we use your data
How to request: Email privacy@motoristi.eu with subject "Data Access Request"
Response time: Within 30 days
3.2 Right to Rectification (Article 16)
You can correct inaccurate or incomplete data.
- Update your profile directly in your account settings
- Or email us with corrections: privacy@motoristi.eu
3.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your data when:
- It's no longer necessary for the purpose collected
- You withdraw consent
- You object to processing
- Data was unlawfully processed
How to request:
- Log in to your account
- Go to Settings → Delete Account
- Or email: privacy@motoristi.eu with subject "Account Deletion Request"
What happens: Account deleted within 30 days, data anonymized or removed from backups within 90 days
3.4 Right to Restriction of Processing (Article 18)
You can limit how we use your data in certain situations:
- While we verify accuracy of disputed data
- When processing is unlawful but you don't want deletion
- When we no longer need the data but you need it for legal claims
How to request: Email privacy@motoristi.eu
3.5 Right to Data Portability (Article 20)
You can receive your data in a machine-readable format and transfer it to another service.
Available formats: JSON, CSV, XML
How to request: Email privacy@motoristi.eu with subject "Data Export Request"
Includes:
- Profile information
- Ride history and tracks
- Chat messages
- Forum posts
- Photos and media
3.6 Right to Object (Article 21)
You can object to processing of your data for:
- Direct marketing (opt out anytime)
- Legitimate interests (we must stop unless we have compelling reasons)
- Research or statistical purposes
3.7 Right Not to Be Subject to Automated Decision-Making (Article 22)
We do not use automated decision-making or profiling that produces legal effects or significantly affects you.
4. Lawful Basis for Processing
We process your data based on:
Consent (Article 6(1)(a)):
- Marketing communications
- Optional features (location sharing, analytics)
- Cookies (except essential ones)
Contract Performance (Article 6(1)(b)):
- Account creation and management
- Providing services (chat, forum, rides)
- Payment processing (if applicable)
Legitimate Interests (Article 6(1)(f)):
- Site security and fraud prevention
- Service improvement
- Analytics (anonymized)
Legal Obligation (Article 6(1)(c)):
- Tax records
- Law enforcement requests
- Compliance reporting
5. Data We Collect
5.1 Personal Data
- Email address
- Display name
- Password (encrypted with bcrypt)
- IP address (for security)
- Device information
5.2 Riding Data
- GPS tracks (if you enable tracking)
- Ride statistics
- Motorcycle information (brand, model, year)
5.3 Community Data
- Chat messages
- Forum posts
- Comments
- Photos uploaded
6. Data Sharing
We DO NOT sell your data.
We share data only with:
- Other Users: Public profile info, posts, rides (as per privacy settings)
- Service Providers: Hosting, email (with DPAs in place)
- Legal Authorities: When required by law
7. Data Retention
| Data Type |
Retention Period |
| Active account data |
While account is active |
| Deleted account data |
30 days (then anonymized/deleted) |
| Backup data |
90 days |
| Legal records |
As required by law (typically 5-7 years) |
| Analytics (anonymized) |
2 years |
8. Data Security
We protect your data with:
- ✅ HTTPS encryption (TLS 1.3)
- ✅ Password hashing (bcrypt)
- ✅ Database encryption
- ✅ Regular security audits
- ✅ Access controls
- ✅ Firewall protection
- ✅ DDoS mitigation
9. International Data Transfers
Your data is stored in the European Union (Bulgaria). If transferred outside EU:
- We use EU-approved Standard Contractual Clauses
- Or rely on EU adequacy decisions
- Your rights remain protected
10. Children's Privacy
We do not knowingly collect data from children under 16. If you're under 16, you cannot use our service. Parents can contact us to delete any collected child data.
11. Breach Notification
In case of a data breach that risks your rights:
- We'll notify authorities within 72 hours
- We'll notify affected users promptly
- We'll provide details and mitigation steps
12. Supervisory Authority
You have the right to lodge a complaint with your data protection authority:
Bulgarian Commission for Personal Data Protection
- Website: www.cpdp.bg
- Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
- Email: kzld@cpdp.bg
- Phone: +359 2 915 3518
13. How to Exercise Your Rights
Step 1: Identify Yourself
Email privacy@motoristi.eu from your registered email address or provide proof of identity.
Step 2: Specify Your Request
- Data access request
- Data deletion request
- Data export request
- Objection to processing
- Restriction request
Step 3: We Respond
- Acknowledge within 72 hours
- Fulfill request within 30 days (may extend to 90 days if complex)
- Provide status updates
14. Free of Charge
Exercising your GDPR rights is completely free. We may charge a fee only for:
- Manifestly unfounded requests
- Excessive requests (e.g., identical request 10 times in a month)
15. Contact Us
For GDPR-related inquiries:
- Email: privacy@motoristi.eu
- Data Protection Officer: dpo@motoristi.eu
- Response Time: Within 72 hours
16. Related Documents
← Back to Home