Version: 1.1
Last Updated: 23-07-2024
Responsible Entity: GFoundry Lda
1. Introduction
GFoundry Lda, headquartered in Valença (Portugal), at Avenida Tito Flores, nº 71, with a capital stock of €55,000.00, registered at the Odivelas Registrar of Companies under the single registration and VAT number PT510809510, hereinafter referred to as GFOUNDRY, is responsible for the processing of personal data related to its software products and services.
This document describes how GFOUNDRY ensures compliance with the General Data Protection Regulation (EU 2016/679) (GDPR) regarding the collection, processing, and storage of personal data.
2. Applicability
This policy applies to all accounts created on the GFoundry platform, including those accessed through custom subdomains (e.g., empresa.gfoundry.com) or through client-owned domains. It also applies to:
- The GFoundry online platform (the “Service”).
- The website gfoundry.com (the “Website”).
- Other interactions (e.g., customer service requests) with GFOUNDRY products.
- Third-party integrations, including Google Cloud infrastructure services.
A separate Service Agreement governs the delivery, access, and use of the Service, including the processing of customer data.
3. Collection and Processing of Personal Data
GFOUNDRY processes only the necessary personal data for the provision of its services. Data types may include:
- Name, email, device identifiers, and geographical location.
- Data related to system access, usage logs, and platform interactions.
- Behavioral data required for improving the Service.
4. Legal Basis for Data Processing
Personal data is processed under lawful conditions, such as:
- Explicit consent.
- Performance of contractual obligations.
- Compliance with legal requirements.
- Legitimate interests pursued by GFOUNDRY.
5. Data Storage and Security Measures
GFOUNDRY utilizes Google Cloud Infrastructure to ensure:
- Encrypted storage and secure data transmission (HTTPS and SSH keys).
- Redundant and scalable storage with 99.999999999% durability.
- Continuous monitoring and automatic failover mechanisms.
GFOUNDRY follows Security Incident Governance Framework policies, ensuring:
- Immediate response to security breaches.
- Notification of affected clients within 72 hours in compliance with GDPR.
- Post-incident analysis and continuous improvement processes.
6. User Rights
Under GDPR, users have the right to:
- Access their personal data.
- Rectify incorrect or incomplete data.
- Request erasure under specific conditions.
- Restrict processing and object to data usage.
- Request data portability in a structured format.
Users can contact the Data Protection Officer (DPO) at [email protected] for exercising their rights.
7. Data Retention and Deletion
- Personal data is stored only for the duration necessary for processing purposes.
- Upon contract termination, all customer data is deleted after a 7-day backup retention period.
- Clients can request a final backup before deletion.
8. Cookies and Analytics
- GFOUNDRY uses cookies for essential functionality and service optimization.
- Google Analytics is used for usage insights, ensuring compliance with GDPR regulations.
- Users can manage cookie preferences via browser settings or the website banner.
9. International Data Transfers
Any data transfer outside the EU is conducted in compliance with GDPR, ensuring appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) when required.
- Google Cloud’s Privacy Shield compliance.
10. Policy Updates
This policy may be updated periodically. Users will be notified of significant changes through the platform or website.