Data Protection And Privacy Policy – GFoundry

DATA PROTECTION AND PRIVACY POLICY – GFOUNDRY

Version 1.2 – March 2025

At GFoundry, we take privacy and personal data protection very seriously. This policy describes how we collect, use, store, and protect personal data, in compliance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679).

1. DATA CONTROLLER

GFoundry Lda, headquartered at Avenida Tito Flores, n.º 71, Valença (Portugal), VAT number PT510809510, is the entity responsible for the processing of personal data related to its software products and services.

2. SCOPE OF APPLICATION

This policy applies to all accounts created on the GFoundry platform, including those accessed through custom subdomains (e.g., https://www.google.com/search?q=company.gfoundry.com) or through domains owned by clients. It also applies to:

  • The GFoundry online platform (“Service”);
  • The website www.gfoundry.com (“Website”);
  • Interactions such as customer support requests;
  • Integrations with third-party services, such as the Google Cloud infrastructure.

Note: The use of the Service is governed by a separate Service Agreement, which defines the contractual obligations and the processing of client data.

3. DATA COLLECTION AND PROCESSING

GFoundry collects only the data necessary for the provision of its services, including:

  • Name, email, device identifiers, geographic location;
  • Access data and platform usage logs;
  • Behavioral data relevant to improving the service.

4. LEGAL BASIS FOR PROCESSING

Data is processed lawfully, based on:

  • Explicit consent from the data subject;
  • Performance of contracts;
  • Compliance with legal obligations;
  • Legitimate interests of GFoundry, provided that the rights of the data subjects do not override them.

5. STORAGE AND SECURITY MEASURES

We use the Google Cloud Platform infrastructure, ensuring:

  • Encrypted storage and secure transmission (HTTPS, SSH keys);
  • Redundant storage with 99.999999999% durability;
  • Continuous monitoring and automatic recovery mechanisms.

We follow a security incident response plan, including:

  • Immediate response to breaches;
  • Notification to affected clients within 72 hours;
  • Post-incident assessment and corrective measures.

6. DATA SUBJECT RIGHTS

Under the GDPR, you have the right to:

  • Access your data;
  • Correct inaccurate or incomplete data;
  • Erase the data, under legal terms;
  • Limit or object to processing;
  • Request data portability in a structured format.

You can exercise your rights via email: [email protected].

7. DATA RETENTION AND DELETION

Data is stored only for the time necessary for the purpose of the processing. After the end of the contract:

  • Client data is deleted after a 7-day backup retention period;
  • The client may request a final backup before deletion.

8. COOKIES AND ANALYTICS

We use essential cookies for the functioning of the Service. The user can manage their preferences in the browser or through the notice on the website.

We use Google Analytics with IP anonymization for statistical analysis. Google is certified under the Data Privacy Framework (DPF).

9. INTERNATIONAL TRANSFERS

Whenever data is transferred outside the EU, we ensure adequate measures are in place, such as:

  • Standard Contractual Clauses of the European Commission;
  • Adherence to the Data Privacy Framework (DPF).

10. COMMUNICATIONS AND MARKETING

GFoundry may use personal data, namely the email address, to send communications about our products, services, events, and other updates that we consider to be of interest to our users and contacts.

Legal Basis for Processing

The processing of this data for marketing purposes will be carried out based on one of the following grounds:

Consent (Opt-in): When the data subject has provided us with their explicit and unequivocal consent for this purpose (e.g., by actively subscribing to our newsletter through the website).

Legitimate Interest (Soft Opt-in): In the context of a pre-existing commercial or professional relationship (e.g., platform users, clients, or contacts obtained within the scope of providing a service), we may send communications about GFoundry products or services that are similar to those for which the data subject has already shown interest or has acquired. This processing is based on our legitimate interest in promoting our services and keeping our contacts updated, and is always balanced against the interests and rights of the data subject.

Right to Object (Opt-out)

We recognize and respect the user’s right not to receive these communications. For this reason, in all marketing communications sent by GFoundry, a clear, simple, and free “opt-out” option will be provided.

The data subject may, at any time and without needing to provide justification, object to this processing by directly clicking the “Unsubscribe” (or “Cancelar Subscrição”) link present in the footer of all marketing emails.

After exercising the right to object, GFoundry will immediately cease sending this type of communication to the user. Exercising this right does not affect the lawfulness of the processing carried out up to that date.

11. POLICY UPDATES

This policy may be updated periodically. Any relevant changes will be communicated through the platform or website.

 

Contact for questions or exercise of rights: [email protected]