GDPR & data protection

Buronia is a private application service that helps EU residents draft benefit applications. Because every draft contains identifying and often sensitive personal data, we publish each part of our GDPR posture as its own page so you can audit the specific mechanism rather than scan a single megafile.

Effective 2026-04-30. Native-language copies of any page below are available on request via dpo@buronia.com within 30 days, per GDPR Art. 12.

Foundational documents

• Privacy policy — what we collect and why.
• Imprint & DPO contact — operator, EU representative, DPO.
• Terms of service — your contract with Buronia.
• Compliance & security — country-specific posture, sub-processor regions, encryption.

GDPR detail pages

• Legal bases (GDPR Art. 6 & 9) — exactly which lawful basis we rely on, per data category.
• Your data rights (Art. 15–22) — access, rectification, erasure, portability, restriction, objection — and how to exercise each.
• Data retention & deletion schedule — exactly when each data class is deleted, with the retention reason.
• Cookies & local storage — every cookie and storage key we set, what it does, how long it lives.
• Sub-processors — every third party that touches your data, the data category, and the SCC/transfer basis.
• International transfers — when your data leaves the EU, the safeguards, and the transfer impact assessment.
• Personal-data breach notification — our 72-hour Art. 33/34 process and how we'll contact you.
• Data Processing Agreement (Art. 28) — the controller↔processor terms when you're a business client.
• Data Protection Impact Assessment — Art. 35 risk analysis and mitigations.
• Children's personal data — when minors' data is involved (e.g. Pflegegrad for a child) and parental consent.
• Automated decision-making (Art. 22) — what AI does, what it doesn't, and your right to human review.
• Lodging a complaint — your country's supervisory authority, with direct links.

If you only read one page

Read Your data rights first. Everything else on this site exists to support those rights. If at any point you want your data deleted, paste your email into a one-line message to dpo@buronia.com — we'll acknowledge within 72 hours and complete erasure within 30 days.