Privacy Policy

2.  Purpose and Legal Basis of Processing

Personal data is processed for:

• Provision and management of RISP and enterprise licenses

• User account and access management

• Billing and contract administration

• Communication with users and customers

• Ensuring IT security, operational continuity, and abuse prevention

​

Legal bases: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interest), optionally Art. 6(1)(a) GDPR (consent).

​

​

3. Categories of Personal Data Processed

• Business contact information of authorized users (name, email, role)

• Authentication and access data (login timestamps, roles, permissions)

• Usage and metadata related to platform activity

• Communication data in support

​​

No special categories of personal data (Art. 9 GDPR) are processed.

​

​

4.  Use of Artificial Intelligence

AI is used to prepare and summarize regulatory information. No automated decisions or profiling are performed. Personal data is not used for AI training.

​

​

5.  Data Retention and Deletion

Personal data is retained only as long as necessary for the purpose or required by law. Afterward, it is deleted or anonymized.

​

​

6.  Data Sharing

Data is shared only if:

• Required for contract fulfillment

• Required by law

• Consent has been given

​

No transfer to third countries without appropriate legal basis.

​

​

7.  Data Subject Rights

Rights to access, rectification, erasure, restriction, data portability, and objection (Art. 15–21 GDPR).

​

​

Requests: 

​

8.  Security Measures

Technical and organizational measures (Art. 32 GDPR): role-based access controls, encryption, separation of customer data, logging, and regular review.