Privacy Policy - .
Introduction and Scope
This Privacy Policy explains how we collect, use, disclose and retain personal data in connection with our services. This policy applies to all customers in the area and to any individuals whose personal data we process on behalf of those customers where the General Data Protection Regulation (GDPR) or similar data protection laws apply. We are committed to protecting personal data and complying with applicable data protection law.
What Personal Data We Collect
We collect personal data that is necessary for the provision of our services. Categories of personal data we may collect include:
- Identity and account data: name, user identifier, account information, company name, job title.
- Contact data: email addresses, postal addresses, telephone numbers.
- Transactional data: records of services used, invoices, payment references and billing data.
- Technical data: IP addresses, device identifiers, browser and operating system details, log data, cookie and similar tracking information.
- Support and communication data: correspondence, support tickets, chat transcripts, feedback and preferences.
- Usage and analytics data: aggregated and pseudonymized usage metrics to improve service quality and performance.
- Optional sensitive categories: only where strictly necessary and with explicit consent (for example limited health or accessibility information required to deliver a specific service).
How We Collect Personal Data
- Directly from users when registering, ordering services, or contacting support.
- Automatically via technology such as cookies, analytics and server logs when you use our services.
- From third-party sources where permitted by law (for example, payment processors for billing verification).
Lawful Basis for Processing
Under the GDPR we rely on one or more lawful bases to process personal data depending on the nature of the processing:
- Performance of a contract: processing necessary to provide services, manage accounts and complete transactions.
- Legal obligation: processing required to comply with laws, tax and accounting obligations or court orders.
- Legitimate interests: for activities such as fraud prevention, network security, service improvement and direct communications, where such interests are not overridden by data subject rights and freedoms.
- Consent: where required for marketing communications, certain cookies or processing of special category data. Consent may be withdrawn at any time where it forms the basis for processing.
How We Use Personal Data
We use personal data for the following purposes:
- To deliver, maintain and improve our services.
- To administer accounts, process orders, manage billing and payments.
- To provide customer support, investigate incidents and respond to inquiries.
- To detect, prevent and mitigate fraud, abuse and security incidents.
- To comply with legal and regulatory obligations.
- To send service-related notices and where lawful, promotional communications with appropriate consent or opt-out mechanisms.
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected and to satisfy legal, regulatory, tax and accounting requirements. Retention practices include:
- Account data: retained while the account is active and for a limited period thereafter (typically up to 7 years) to meet legal and business recordkeeping obligations.
- Transactional and billing records: retained for statutory accounting and tax periods (commonly 7 years unless otherwise required by local law).
- Support and communication logs: retained for up to 2 years unless needed longer for dispute resolution or legal requirements.
- Security logs and monitoring data: retained for operational and security purposes; retention period varies but is limited to what is necessary for detection, investigation and remediation of incidents.
- Aggregated and anonymized data: may be retained indefinitely for analytical and statistical purposes since it no longer identifies individuals.
Retention periods are determined by: the purpose of processing, contractual and legal obligations, and any operational need to defend or exercise legal rights. Where retention beyond the stated periods is necessary, we document the legal or business justification.
Processors and International Transfers
We engage third-party service providers ("processors") to perform functions such as payment processing, hosting, analytics, customer support and communications. We require all processors to implement appropriate technical and organizational measures and to process data only on our documented instructions.
- We enter into Data Processing Agreements (DPAs) with our processors to safeguard personal data.
- Where personal data is transferred outside the EEA or other jurisdictions with equivalent protections, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms.
- Processors are prohibited from using personal data for their own purposes and must cooperate with audits and compliance obligations.
Security
We implement technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Measures include access controls, encryption in transit and at rest where appropriate, logging and monitoring, regular vulnerability management and staff training. While we strive to protect personal data, no system can be fully secure; therefore, we maintain incident response procedures to promptly address any data security events.
User Rights
Under the GDPR, data subjects have the following rights in relation to their personal data:
- Right of access: to obtain confirmation of processing and a copy of personal data.
- Right to rectification: to correct inaccurate or incomplete data.
- Right to erasure (right to be forgotten): to request deletion of data where lawful grounds permit.
- Right to restriction of processing: to request limited processing in certain circumstances.
- Right to data portability: to receive personal data in a structured, commonly used and machine-readable format and to transmit it to another controller where applicable.
- Right to object: to processing based on legitimate interests or for direct marketing; we will stop processing unless we demonstrate compelling legitimate grounds.
- Right not to be subject to automated decision-making: including profiling, where it produces legal or similarly significant effects, unless appropriate safeguards are in place.
To exercise these rights, individuals may use the mechanisms available in their account or service interface. We may require proof of identity and additional information to verify requests and to protect privacy and security. We will respond to valid requests in accordance with applicable law and within statutory time limits. If you remain unsatisfied, you have the right to lodge a complaint with a supervisory authority.
Requests and Verification
We will take reasonable steps to verify the identity of any person making a rights request before disclosing or amending personal data. Where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act.
Children
We do not intentionally collect personal data from children under the age required by applicable law to enter into a contract for our services. If we become aware that we have collected such data without appropriate consent, we will take steps to delete it as required.
Changes to this Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements or services. Material changes will be posted with an updated effective date. Continued use of services following changes constitutes acceptance of the revised policy.
Effective Date
This Privacy Policy is effective as of the date published and applies to all customers in the area, as stated above. We encourage you to review this policy periodically to remain informed about how we protect personal data.
End of Privacy Policy