GDPR & Data Protection
This page explains how FalcoSoft ITS processes personal data in relation to the services and website falcosoft.uk. The policy complies with the General Data Protection Regulation (GDPR).
- Who is the data controller
- What data we collect and why
- How long we keep data
- Who we share data with (subprocessors)
- Your rights and how to exercise them
1) Personal Data Controller
The personal data controller under GDPR is:
- FalcoSoft ITS (website: falcosoft.uk)
- Contact: [email protected]
- For GDPR requests you may contact us at the same email with subject: GDPR request
2) What data we process
- Email address, name (if provided)
- Identifier/login tokens (technical)
- Profile settings and preferences
- IP address (for security/logs/anti-abuse)
- User-Agent, approximate location (city/country by IP)
- Access and error logs (for diagnostics)
If you request a service/subscription:
- Billing name/email, company details (if any)
- Payment/transaction status (we do not store card details)
- Invoices/accounting documents (according to legal retention requirements)
- Messages through contact forms/email
- Support tickets (if used)
- Conversation history related to service delivery
3) Purposes and legal basis
| Purpose | Example | Basis |
|---|---|---|
| Providing services | Accounts, access, modules, support | Contract / Pre-contractual relations |
| Security and abuse prevention | Anti-spam, anti-bot, logs | Legitimate interest |
| Payments and invoicing | Subscriptions, invoices | Contract + Legal obligation |
| Improvement and diagnostics | Errors, performance, stability | Legitimate interest |
| Marketing (if applicable) | Newsletter, promotions | Consent (opt-in) |
4) Retention periods
- Account data: while you have an active account plus a reasonable period after closure for dispute/security purposes.
- Security logs: limited period (e.g. 30–180 days), unless required for an incident.
- Invoices/accounting: according to legal requirements (usually years).
- Communication/tickets: for as long as needed for support plus quality archive purposes.
- Data minimization
- Access restriction
- Deletion/anonymization when no longer needed
5) Subprocessors and transfers
We may use subprocessors (processors) for hosting, email delivery, payment processors and security. We only share the minimum required for the service.
Hosting / infrastructure
- Servers/cloud providers (EU/US depending on the project)
- CDN/WAF/anti-abuse (if used)
Payments
- Payment providers (e.g. Stripe/Viva/ePay/bank depending on the integration)
- We do not store full card details; processing is handled by the provider.
6) Your rights
Access
You have the right to receive information about what data we process about you.
Correction
You have the right to correct inaccurate or incomplete data.
Deletion
Under GDPR, you may request deletion (“the right to be forgotten”).
Restriction
You may request restriction of processing in certain cases.
Portability
You may request your data in a structured, machine-readable format.
Objection
You may object to processing based on legitimate interest (where applicable).
Send an email to [email protected] with the subject "GDPR request".
- Specify which right you are exercising (access/deletion/portability etc.)
- Specify the account email (if any)
- If needed, we may request reasonable identity verification (to avoid providing data to the wrong person)
7) Security
Technical measures
- Encryption (TLS) during data transfer
- Restricted access and roles
- Security logs and anti-abuse protection
- Backups (where applicable)
Organizational measures
- Data minimization and retention limits
- Incident procedures (if required)
- Risk assessment for new modules/integrations
Links to related documents
GDPR works together with the Privacy Policy, Cookies Policy and Terms of Service.