Privacy Policy

Data Controller

Servsoft Mag Web SRL ("OpsDeck", "we", "us") is the controller of personal data processed via this website and our software services.

For any data protection questions, you can contact us at contact@opsdeck.eu.

Data we collect

From website visitors

• Technical data: IP address, browser, operating system, pages visited (collected via web server logs and analytics)
• Cookies: see our Cookies Policy

From contact form / email contact

• Name, email, phone (if provided), company name, message content

From cold outreach (B2B)

• Public business data: company name, generic email (office@, contact@, info@), VAT ID — sourced from public registers (Romanian Trade Register, etc.)
• We never collect or process personal emails (e.g. firstname.lastname@) without explicit consent

From customers (clients of our software)

• Company information, contact persons, billing details, software usage logs

Legal basis for processing

We process your personal data based on the following legal grounds, depending on context:

• Consent (Art. 6(1)(a) GDPR) — for marketing communications you opted into, and for non-essential cookies
• Contract performance (Art. 6(1)(b) GDPR) — to provide software services to our customers
• Legitimate interest (Art. 6(1)(f) GDPR) — for B2B cold outreach to publicly listed business emails (where the offer is relevant to the recipient’s activity), security and fraud prevention, basic website analytics
• Legal obligation (Art. 6(1)(c) GDPR) — for accounting, tax, anti-money laundering, and other legal requirements

Why we use your data

• To respond to your inquiries (contact form, email)
• To deliver and maintain our software services
• To send relevant commercial offers to business contacts (with the right to opt out at any time)
• To improve our website and services through analytics
• To comply with legal obligations (tax records, audits, etc.)
• To prevent fraud and abuse

Who we share your data with

We do not sell or rent your personal data. We share data only with:

• Hosting providers: Hetzner Online GmbH (Germany) — for our website infrastructure
• Email service providers: Brevo or Mailchimp — when sending newsletters or commercial campaigns (under DPA)
• Accounting / legal advisors: only when strictly necessary for our legal obligations
• Authorities: only when required by law (court orders, tax investigations, etc.)

All processors we use are bound by Data Processing Agreements (DPA) and are GDPR-compliant.

How long we keep your data

• Inquiries (contact form, email): 3 years from the last interaction
• Customer data (active contract): for the duration of the contract + 10 years (legal accounting requirement in Romania)
• Marketing list: until you unsubscribe (then permanently moved to suppression list — kept indefinitely as proof of opt-out compliance)
• Server logs: 90 days
• Cookies: see Cookies Policy

Your rights under GDPR

Under the EU General Data Protection Regulation (Regulation 2016/679), you have the following rights:

• Right of access (Art. 15) — get a copy of the data we hold about you
• Right to rectification (Art. 16) — correct inaccurate data
• Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten")
• Right to restrict processing (Art. 18)
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
• Right to object (Art. 21) — particularly for marketing or legitimate interest processing
• Right to withdraw consent (Art. 7) — at any time, without affecting prior lawful processing
• Right to lodge a complaint with the Romanian supervisory authority (ANSPDCP — www.dataprotection.ro) or your local EU DPA

To exercise any of these rights, email us at contact@opsdeck.eu. We will respond within 30 days as required by law.

Security measures

We implement appropriate technical and organizational security measures, including:

• HTTPS/TLS encryption for all website traffic
• Encrypted database storage
• Access controls with two-factor authentication
• Regular security audits and updates
• Backup and disaster recovery procedures
• Staff training on data protection

If a personal data breach occurs and is likely to result in a high risk to your rights, we will notify you without undue delay (Art. 34 GDPR).

International data transfers

Your data is primarily stored within the European Economic Area (EEA), specifically on servers in Germany (Hetzner) and Romania.

If a transfer outside the EEA becomes necessary (e.g. for analytics tools), we ensure it is covered by EU Standard Contractual Clauses or equivalent safeguards as required by GDPR Chapter V.

Changes to this policy

We may update this Privacy Policy from time to time. The latest version is always available at opsdeck.eu/privacy, with the "Last updated" date at the top.

For material changes affecting your rights, we will notify you via email if we have your address.

Contact us

For privacy questions, requests, or to exercise your rights:

📧 contact@opsdeck.eu
🏢 Servsoft Mag Web SRL, Romania