GDPR Compliance

Data Controller

Private DevOps LTD

• Registration Number: 204591393
• Address: BULGARIA, 1404 Sofia, Triaditsa District, Block 200, Entrance G, Floor 4a
• Email: info@privatedevops.com
• Phone: +359888176193

Supervisory Authority

The supervisory authority responsible for data protection in Bulgaria is:

Commission for Personal Data Protection

• Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. 2
• Phone: +359 2 915 3580
• Website: cpdp.bg

Legal Basis for Processing Personal Data

Private DevOps LTD processes personal data in accordance with Article 6(1) of the General Data Protection Regulation (GDPR). We rely on the following legal bases:

• Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to our newsletter or submitting a contact form.
• Contractual Necessity (Article 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
• Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation to which Private DevOps LTD is subject.
• Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests, such as improving our services, website analytics, and fraud prevention, provided these interests are not overridden by your fundamental rights and freedoms.

Purposes of Processing Personal Data

We collect and process personal data for the following purposes:

• To provide and manage our DevOps consulting and infrastructure services.
• To respond to your enquiries submitted through our website or other communication channels.
• To send service-related communications and updates.
• To send marketing communications (only with your explicit consent).
• To improve our website, services, and user experience through analytics.
• To provide free interactive tools (website speed tests, calculators, SSL tools, DNS lookups, email checks) and process the data submitted to them in real time.
• To store shared tool results temporarily (7 days) when users explicitly create share links.
• To provide live chat support via Tawk.to.
• To enable meeting scheduling via Calendly.
• To comply with legal and regulatory obligations.
• To protect our legitimate business interests and enforce our terms of service.

Third-Party Data Processors

We use the following third-party services that may process your personal data:

• Google Analytics (Google LLC): Website analytics. Legal basis: Legitimate Interests. Data may be transferred to the United States under Standard Contractual Clauses. Privacy Policy
• Tawk.to (Tawk.to Inc.): Live chat support. Legal basis: Legitimate Interests. Processes chat messages, IP addresses, and browser information. Privacy Policy
• Calendly (Calendly LLC): Meeting scheduling. Legal basis: Consent (when you choose to book a call). Processes name and email address. Privacy Policy
• Cloudflare (Cloudflare Inc.): CDN, security, and DNS. Legal basis: Legitimate Interests. Processes IP addresses and request metadata. Privacy Policy
• Hetzner (Hetzner Online GmbH): Server hosting in Germany/Finland (within the EEA). Privacy Policy

Duration of Storage

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. The specific retention periods depend on the nature of the data and the purpose of processing:

• Contract-related data: Retained for the duration of the contractual relationship and for up to 5 years after termination, in accordance with applicable commercial and tax law.
• Consent-based data: Retained until you withdraw your consent.
• Analytics data: Retained in anonymised or pseudonymised form for up to 26 months.
• Communication records: Retained for up to 3 years after the last interaction, unless a longer period is required by law.
• Free tool data: Processed in real time and not stored. Shared results are retained for 7 days, then automatically deleted.
• Chat conversations (Tawk.to): Retained by Tawk.to in accordance with their data retention policy.

Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure (Article 17): You have the right to request deletion of your personal data where there is no legitimate reason for us to continue processing it.
• Right to Restrict Processing (Article 18): You have the right to request the suspension of processing of your personal data in certain circumstances.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
• Right to Object (Article 21): You have the right to object to the processing of your personal data where we are relying on legitimate interests as the legal basis.
• Right to Withdraw Consent (Article 7(3)): Where we rely on consent to process your data, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Commission for Personal Data Protection if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at info@privatedevops.com. We will respond to your request within 30 days. If your request is complex, we may extend this period by up to 2 additional months, and we will inform you of any such extension within the initial 30-day period.

Additional Provisions

• We do not engage in automated decision-making or profiling that produces legal effects concerning you.
• Where we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
• We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.
• This GDPR compliance notice may be updated from time to time. Changes will be posted on this page. We encourage you to review this page periodically.