Compliance & security

How Buronia protects your personal data, country by country. Compliance is the entire job — your benefit application carries sensitive financial, medical, and identity data, and the wrong handling defeats the whole point of using us.

Country-specific frameworks

Each country adds national rules on top of GDPR. We track each one explicitly:

• Deutschland (Germany) — Federal Data Protection Act (BDSG) and Telemedia Act (TMG)
• España (Spain) — Organic Law 3/2018 on Personal Data Protection and digital-rights guarantees (LOPDGDD)
• Suomi (Finland) — Data Protection Act (1050/2018)
• Lietuva (Lithuania) — Law on Legal Protection of Personal Data (ADTAĮ)
• Security & certificates — TLS, encryption at rest, sub-processors, backups, vuln disclosure

Where to start

If you want to verify Buronia handles your data correctly before submitting an application, read these in order:

1. Our privacy policy — what we collect and why, with the exact GDPR Article 6 / 9 legal basis for each.
2. Security mechanisms — TLS, AES-256-GCM at rest, sub-processor list with regions.
3. The compliance page for your own country, above.
4. Imprint & DPO contact.

Contact our Data Protection Officer

Victor Cheng — dpo@buronia.com. Our DPO answers all GDPR Art. 15–22 requests directly, typically within 7 days.