1Who we are (Controller information)
2Scope
This statement covers personal data processed in connection with:
- Website visits and inquiries
- Sales and business communications
- Delivery of professional services (custom software, integrations, workshops, security work)
- Use of any hosted/SaaS services (if applicable)
- Marketing communications (where permitted)
It does not cover third-party sites or services that we do not control.
3Personal data we collect
Depending on how you interact with us, we may collect:
3.1 Data you provide directly
- Identity and contact data (name, email, phone, role, company)
- Inquiry and project information (requirements, timelines, budgets you choose to share)
- Communications (messages, call notes, meeting recordings where disclosed)
- Billing and contracting information (invoices, purchase orders)
- Workshop participation details (attendance, feedback)
3.2 Data collected automatically (website/usage)
- Device and log data (IP address, browser type, device identifiers)
- Usage data (pages viewed, referring pages, time stamps)
- Approximate location derived from IP address
- Cookie identifiers and similar tracking data (see Cookies section)
3.3 Customer Data processed on behalf of customers
If you use our Services as a business customer, we may process personal data contained in Customer Data as instructed by you (e.g., end-user records or employee data). In that case, you are typically the controller, and we are the processor.
4Purposes and legal bases (GDPR)
We process personal data for the purposes below. Where GDPR applies, we rely on these legal bases:
Responding to inquiries and providing customer support
Legitimate interests; Contract
Sales, contracting, and account management
Contract; Legitimate interests
Delivering professional services and operating Services
Contract; Legitimate interests
Security, fraud prevention, and service integrity
Legitimate interests; Legal obligation
Billing, accounting, and compliance
Legal obligation; Contract
Marketing communications (newsletters, events, content)
Consent or Legitimate interests
Improving our website and Services (analytics)
Consent; Legitimate interests
6International data transfers
Our commitment to EU data sovereignty
We will never transfer any customer data outside of the European Union without your explicit consent. Your data stays in the EU unless you specifically authorize otherwise.
Our infrastructure and services are designed to keep data within the EU. In the rare cases where personal data may need to be transferred outside the EEA/UK (for example, if you explicitly request integration with a non-EU service), we use appropriate safeguards such as:
- European Commission Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Other lawful transfer mechanisms
Any such transfer will only occur with your prior informed consent and under appropriate contractual protections.
7Data retention
We retain personal data only for as long as necessary for the purposes described, including legal, accounting, and reporting obligations.
Inquiry/contact requests
12–24 months after last interaction
Contract and billing records
As required by law (often 7 years)
Marketing subscriptions
Until unsubscribe + suppression record
Customer Data (hosted services)
Per contract; deleted/returned per terms
8Security
We implement technical and organizational measures designed to protect personal data, such as access controls, encryption in transit, logging/monitoring, and least-privilege practices.
9Your rights (GDPR)
Where GDPR applies, you may have rights including:
To exercise rights, contact us at privacy@logicos.software. We may request verification of identity.
11Children
Our Services are not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.
12Third-party links and services
Our website or Services may link to third-party sites. Their privacy practices are governed by their own policies, and we are not responsible for them.
13Business customer processing
If we act as a processor for Customer Data, we will:
- Process personal data only on documented instructions from the customer
- Implement appropriate security measures
- Assist with data subject requests where applicable
- Notify customers of personal data breaches as required by contract/law
- Engage subprocessors under appropriate terms
- Delete/return data at end of services per contract
A formal DPA may be provided upon request or as required.
14Changes to this Privacy Statement
We may update this statement periodically. If changes are material, we will provide notice by posting an updated version and/or via other appropriate communications.