Last updated: [Tanggal]
This GDPR Policy explains how SELLMyCODE ("we", "us", "our") complies with the General Data Protection Regulation (EU) 2016/679 (GDPR). This policy applies to all users located in the European Economic Area (EEA) and the United Kingdom when they use our website, create an account, or purchase/download any products (source code, templates, assets, etc.).
If you are not in the EEA or UK, our Privacy Policy still applies to you, but the specific rights described in this document may not apply.
Data Controller:
📧 GDPR contact: [gdpr@sellmycode.site]
For any GDPR-related requests (access, deletion, rectification, etc.), please email our Data Protection Officer (DPO) or GDPR representative at the address above.
Under GDPR, we must have a legal basis for collecting and using your personal data. We rely on the following bases:
Purpose
Legal Basis
Processing your orders and delivering digital downloads
Contract performance – necessary to fulfill your purchase
Managing your account (login, order history, downloads)
Contract performance
Sending order confirmations, updates, and security alerts
Contract performance or Legitimate interests
Responding to customer support requests
Contract performance or Legitimate interests
Analyzing website usage (analytics cookies)
Consent (via cookie banner) or Legitimate interests (for anonymized data)
Sending promotional emails (newsletters, offers)
Consent (opt-in required)
Fraud prevention and legal compliance
Legal obligation or Legitimate interests
You may withdraw consent at any time (e.g., unsubscribe from marketing emails).
As an EEA or UK resident, you have the following rights. We will respond to any request within 30 days (free of charge, except for manifestly unfounded or excessive requests).
You can request a copy of all personal data we hold about you. We will provide it in a structured, commonly used, machine-readable format (e.g., JSON or CSV).
You can correct inaccurate or incomplete personal data (e.g., update your email or billing address).
You can request deletion of your personal data when:
The data is no longer necessary for the purpose we collected it.
You withdraw consent and there is no other legal basis for processing.
You object to processing based on legitimate interests and we have no overriding grounds.
The data has been unlawfully processed.
Deletion is required by law.
Limitations: We may retain data for legal obligations (e.g., tax records for 7 years, fraud prevention).
You can request that we stop actively processing your data (but keep it stored) in certain cases, such as when you contest the accuracy of the data.
You can request that we transfer your data (account info, order history) directly to another service provider, where technically feasible.
You can object to processing based on legitimate interests (e.g., analytics) or direct marketing. We will stop unless we demonstrate compelling legitimate grounds.
If processing is based on your consent (e.g., marketing cookies, newsletter), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
You have the right to complain to your local Data Protection Authority (e.g., ICO in the UK, CNIL in France, BfDI in Germany) if you believe we have violated your GDPR rights.
To make a GDPR request:
Email us at: [gdpr@yourwebsite.com]
Include: Your name, email address used on our website, and a clear description of the right you wish to exercise (e.g., "Request deletion of my account and all personal data").
Verification: We may ask for proof of identity (e.g., a copy of a government ID with sensitive data redacted) to prevent fraudulent requests.
We will respond within 30 days. If your request is complex or you make multiple requests, we may extend the response time by up to 60 additional days (we will inform you).
For a complete list, see our Privacy Policy. Here is the GDPR-relevant summary:
Category
Examples
Retention Period
Identity data
Name, username
Until account deletion + up to 30 days
Contact data
Email address, billing address
Until account deletion + up to 7 years (for tax/legal)
Transaction data
Order history, download logs, IP address at time of purchase
7 years (tax obligation)
Account credentials
Hashed password
Until account deletion
Usage data
Pages visited, downloads, search queries
26 months (anonymized after)
Marketing data
Newsletter subscription status, preferences
Until you unsubscribe + 30 days
Note: We do not collect special categories of data (health, biometric, political opinions, etc.).
Our website uses cookies. For non-essential cookies (analytics, marketing), we obtain your explicit consent via a cookie banner when you first visit.
Essential cookies (no consent required): Session cookies, login cookies, cart cookies.
Analytics cookies (consent required): Google Analytics, etc. – used to measure traffic.
Marketing cookies (consent required): For retargeting ads (if applicable).
You can change your cookie preferences at any time via the "Cookie Settings" link in our footer.
Without consent for non-essential cookies, only essential cookies will be set, and some features (e.g., personalized recommendations) may be limited.
Our servers are located in [Your Country, e.g., United States] . When we transfer your personal data from the EEA/UK to a country that the European Commission has not deemed "adequate," we rely on:
Standard Contractual Clauses (SCCs) adopted by the European Commission.
UK International Data Transfer Agreement (IDTA) for transfers from the UK.
You may request a copy of these safeguards by emailing [gdpr@yourwebsite.com].
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the risk is high, we will also notify you directly (by email) without undue delay.
We maintain internal breach response procedures and regularly test our security measures.
We have appointed a Data Protection Officer (DPO) who can be contacted at:
📧 DPO email: [dpo@sellmycode.site]
Our DPO is responsible for monitoring our GDPR compliance and handling your requests.
If you are a sole trader or small business not required to appoint a DPO under Article 37, you may omit this section or state "No DPO is required, but contact us at [gdpr@yourwebsite.com] for privacy matters."
We may update this GDPR Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be posted on this page with a new "Last updated" date. Material changes will be notified via email or website banner.