Effective Date: 18 February 2026 ยท Last Updated: 18 February 2026
This GDPR Compliance Policy sets out Digital Builders's commitment to and framework for compliance with the General Data Protection Regulation (EU) 2016/679. It applies to all personal data we process in our capacity as a data controller and, where applicable, as a data processor for Community Owners using our platform.
Digital Builders acts as a data controller when we determine the purposes and means of processing personal data. This includes account registration and management data, billing and subscription data, platform usage analytics and technical logs, and support and communication data.
Digital Builders acts as a data processor when processing personal data on behalf of Community Owners. This includes member data within a community, course participation records, coaching session records, and community-generated content. In this capacity, we process data only on documented instructions from the Community Owner and pursuant to a Data Processing Agreement (DPA).
All Community Owners on a paid plan are provided with a Data Processing Agreement covering: the subject matter and duration of processing; the nature and purpose of processing; the types of personal data and categories of data subjects; obligations and rights of the Community Owner as controller; and Digital Builders's obligations as processor, including sub-processor management. Community Owners may request a copy of our standard DPA by contacting dpo@digitalbuilders.io.
We identify and document a lawful basis for every category of personal data we process as a controller. Our primary lawful bases are: Contract (Article 6(1)(b)) โ processing necessary to perform our contract with users; Legitimate Interests (Article 6(1)(f)) โ processing necessary for our legitimate business interests; Legal Obligation (Article 6(1)(c)) โ processing required by applicable law; Consent (Article 6(1)(a)) โ processing based on clear, freely given, informed consent, particularly for marketing and non-essential cookies.
We have implemented procedures to honour all data subject rights under the GDPR within required timeframes (generally 30 days). Data subjects submit requests via email to dpo@digitalbuilders.io or through the account settings panel. Requests are logged, assigned, and responded to within 30 days. Users may export their personal data in a machine-readable format (JSON or CSV) via account settings, including profile data, course history, and community activity.
We use the following categories of sub-processors to provide the Service: Cloud Infrastructure and Hosting (for platform hosting and data storage); Payment Processing via Stripe (for subscription and billing); Video Conferencing via Zoom (for coaching and event sessions); Error Monitoring via Sentry (for application performance and error tracking); Email Delivery (for transactional and notification emails). All sub-processors are bound by data processing agreements requiring GDPR-compliant data handling.
Digital Builders integrates data protection principles into the design of our platform: data minimisation (we collect only data necessary for the stated purposes); purpose limitation (data collected for one purpose is not repurposed without justification); storage limitation (automated deletion schedules remove data no longer required); encryption (personal data is encrypted in transit via TLS and at rest via AES-256); access controls (role-based access ensures staff access only data necessary for their role); and pseudonymisation where feasible for analytics.
We conduct Data Protection Impact Assessments for new processing activities likely to result in a high risk to data subjects. DPIAs are triggered for large-scale processing of sensitive personal data; systematic monitoring of publicly accessible areas; processing involving new technologies (e.g., AI-generated content features); and profiling or automated decision-making with significant effects.
We maintain a documented Data Breach Response Procedure: detection and containment within 24 hours; assessment of risk to data subjects; notification to the relevant supervisory authority within 72 hours where required; notification to affected data subjects without undue delay if the breach poses a high risk; and documentation of the breach, its effects, and remedial actions taken. Data breaches are logged in our breach register regardless of notification threshold.
Where personal data is transferred outside the European Economic Area, we rely on European Commission adequacy decisions for recognised adequate countries; Standard Contractual Clauses (SCCs) per Commission Implementing Decision (EU) 2021/914 for other third-country transfers; and Binding Corporate Rules where applicable. Transfer impact assessments are conducted when SCCs are used.
As required by Article 30 of the GDPR, we maintain records of our processing activities including: categories of data subjects and personal data processed; purposes of processing; categories of recipients; international transfers and safeguards; retention schedules; and technical and organisational security measures. These records are available to supervisory authorities upon request.
Digital Builders has appointed a Data Protection Officer responsible for advising on GDPR compliance, serving as point of contact for data subjects exercising their rights, liaising with supervisory authorities, conducting and overseeing DPIAs, and providing training and awareness to staff. Contact: dpo@digitalbuilders.io
Community Owners using Digital Builders are independent data controllers for their community member data. They are responsible for: having a lawful basis for collecting and processing member data; providing members with a compliant privacy notice; honouring member data subject rights requests; ensuring any additional third-party tools they use comply with GDPR; and not directing Digital Builders to process data in ways that would violate GDPR.
For all GDPR-related enquiries, contact our Data Protection Officer at dpo@digitalbuilders.io or General Enquiries at privacy@digitalbuilders.io. Digital Builders | Barcelona | Spain