PRIVACY POLICY – GLOBAL SOLUTION IN CODE S. R. L.

1. Introduction

GLOBAL SOLUTION IN CODE S.R.L. (hereinafter referred to as “we”, “us”, or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy describes how we collect, use, disclose, and protect your information when you access or use our website, products, or services.

We operate in accordance with the applicable data protection regulations, including:

The United Kingdom General Data Protection Regulation (UK GDPR)
The European Union General Data Protection Regulation (EU GDPR)
The UK Data Protection Act 2018
The ePrivacy Directive (Directive 2002/58/EC, as amended)

By using our website, services, or interacting with us in any way, you confirm that you have read and understood this policy and agree to the processing of your data as described herein. If you do not agree, please refrain from using our services.

This policy applies to all visitors, customers, and users of our services, whether registered or not, and covers any personal data shared via contact forms, purchases, subscriptions, or analytics.

We may update this policy from time to time to reflect changes in our operations or legal obligations. Significant changes will be notified on our website or by email if required.

Legal Entity Name: GLOBAL SOLUTION IN CODE S.R.L.

Company Registration Number: 51926147

Registered Address: Bucureşti, Sector 3, Aleea Mostiştea, Nr. 39A, Scara 1, Etaj 4, Ap. 50,

Postcode: 032115, Romania

Email: sale@gsincode.com

Phone: +40 725 124 360

Effective Date: 25 May 2025

2. What Data We Collect

We may collect and process the following categories of personal data:

2.1 Identification and Contact Data

Full name
Country of residence
Email address
Phone number (if provided voluntarily)

2.2 Payment and Billing Data

All payments are processed securely via Stripe. We do not store full card details. However, we may collect:

Billing address
Payment method (e.g., Visa, Apple Pay)
Transaction ID and payment status
Date and time of transaction
Partial card data (last 4 digits, card type)

This data is used for payment processing, fraud prevention, and issuing refunds.

2.3 Technical Data

When visiting our site, we collect technical data automatically via cookies and server logs:

IP address
Browser type and version
Device type and operating system
Time zone and language settings
Session duration and pages visited

This data helps improve security, performance, and user experience.

2.4 Usage Data

We may track how you interact with our digital products and website features, including:

Buttons clicked
Features accessed
Frequency and duration of visits

2.5 Communication and Support History

If you contact us via email, form, or live chat, we may retain:

Message content
Email correspondence
Support tickets
Internal notes related to support interactions

2.6 Marketing Preferences

If you opt in, we may store:

Newsletter subscription status
Language and region preferences
Consent to marketing communications
Timestamp of consent or opt-out

2.7 Legal and Compliance Data

Where required by law, we may collect data related to:

Tax information
Invoices
Legal requests or disputes
Identity verification for fraud prevention

3. Legal Basis and Purposes of Data Processing

We process your personal data in compliance with the UK GDPR and EU GDPR, based on the following legal grounds:

3.1 Contractual Necessity

We process data to fulfil contractual obligations, including:

Delivering purchased digital products
Managing orders and payments
Providing customer service and support

3.2 Legal Obligations

We may process personal data when required to comply with:

Accounting and tax regulations
Anti-fraud and anti-money laundering laws
Court orders or regulatory inquiries

3.3 Legitimate Interests

We process certain data to pursue our legitimate business interests, provided they do not override your rights:

Improving website performance and services
Protecting our platform against abuse
Sending limited service-related communications
Conducting internal analytics and statistics

You may object to processing based on legitimate interests at any time.

3.4 Consent

We process data based on your explicit consent for:

Receiving newsletters and marketing
Storing cookies (unless strictly necessary)
Participating in surveys or feedback programs

You can withdraw your consent at any time without affecting the lawfulness of prior processing.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. However, we may share it with the following categories of recipients under specific circumstances:

4.1 Service Providers and Partners

We may share data with trusted third parties that help us operate our business, including:

Hosting providers and cloud infrastructure (e.g., servers, backups)
Payment processors (e.g., Stripe)
Email delivery and CRM platforms
IT support and technical service providers

All such providers are contractually obligated to protect your data and act only on our instructions.

4.2 Legal and Regulatory Authorities

We may disclose data if required to do so by law, or to:

Comply with court orders, subpoenas, or legal processes
Respond to lawful requests from public authorities
Enforce our terms and legal rights
Prevent fraud, abuse, or threats to safety

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction.

We ensure that any such disclosures comply with applicable data protection laws and only occur when strictly necessary.

5. Data Retention and Deletion

We retain your personal data only as long as necessary for the purposes for which it was collected, or to comply with applicable legal, regulatory, or contractual obligations.

5.1 Retention Criteria

Retention periods depend on the type of data and legal context. We generally use the following criteria:

Contractual data (e.g., purchases): up to 6 years under tax and commercial laws
Support records and communication: kept as long as required for customer service
Technical and usage data: stored for analytics and security, typically no longer than 24 months
Marketing consent data: retained until withdrawn or no longer needed
Legal compliance data: stored for periods mandated by law

5.2 Deletion and Anonymization

Once data is no longer needed, we securely delete or anonymize it so it can no longer be linked to an individual.

We also perform periodic audits to review retention timelines and remove outdated records.

6. Your Data Protection Rights

As a resident of the UK or EU, you are entitled to a number of rights regarding your personal data under the UK GDPR and EU GDPR regulations. These rights exist to ensure transparency, fairness, and control over how your personal data is collected and used:

Right of Access – You have the right to obtain confirmation about whether we process your personal data and to receive a copy of that data.
Right to Rectification – You may request correction of inaccurate, incomplete, or outdated personal information.
Right to Erasure – Also known as the “right to be forgotten”; you may ask for deletion of your personal data when it is no longer needed or you withdraw your consent.
Right to Restrict Processing – You may request that we limit the processing of your data, for example while its accuracy is being verified.
Right to Data Portability – You can request that your data be provided to you or another controller in a structured, commonly used, machine-readable format.
Right to Object – You may object to the processing of your data when it is done on grounds of legitimate interest or for direct marketing purposes.
Right to Withdraw Consent – If your data is processed based on consent, you may withdraw that consent at any time.
Right to Lodge a Complaint – You have the right to file a complaint with a supervisory authority in your country regarding our handling of your data.

To exercise any of these rights, please contact us at: sale@gsincode.com. We may ask for additional information to verify your identity.

7. Disclosure of Your Information

We do not sell, rent, or commercially exploit your personal data. However, we may disclose your data to third parties under strict conditions and only when necessary for the functioning of our services, legal compliance, or business operations. All third parties must agree to comply with data protection obligations.

7.1 Service Providers (Processors)

We may share data with external vendors who process data on our behalf, including:

Cloud hosting providers (e.g., data storage, backups)
Payment processors (e.g., Stripe, for secure transactions and fraud prevention)
Email service providers (e.g., sending confirmation emails)
Technical support contractors or IT consultants

These providers are bound by contractual obligations to:

Process data only on our instructions
Maintain confidentiality and security
Not use the data for their own purposes

7.2 Legal Obligations and Government Requests

We may disclose your personal data if required by law, or in good faith when such disclosure is necessary to:

Comply with a legal obligation, such as a court order or administrative request
Cooperate with regulators, tax authorities, or enforcement bodies
Enforce our legal rights, including contractual terms
Protect the safety, property, or rights of our business or other users

7.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or restructuring, your data may be transferred to a successor entity.

We will ensure such parties uphold the commitments described in this Privacy Policy.

7.4 Disclosure with Your Consent

In some situations, we may share your data if you explicitly consent (e.g., testimonials, reviews, referral programs).

7.5 International Transfers

Where any of the above parties are located outside the EEA or UK, we apply additional safeguards described in section 8.

7.6 Transparency and Further Information

You may contact us at any time to request more information about third parties with whom your data is shared: sale@gsincode.com

8. International Data Transfers

We are committed to processing your personal data within the United Kingdom (UK) and the European Economic Area (EEA) wherever possible. However, in limited circumstances, your personal data may be transferred to and processed in countries located outside the UK or EEA.

Such transfers occur only when necessary for providing our services or where required by law, and we apply rigorous legal safeguards to ensure the continued protection of your data.

8.1 Why Your Data May Be Transferred Internationally

International transfers may occur for the following purposes:

Use of third-party service providers (e.g., Stripe) based or hosting data outside the UK/EEA
Use of communication, email, and CRM tools with global infrastructure
Backup and disaster recovery systems
Engagement of international contractors or customer support personnel
Compliance with international legal or regulatory requirements

8.2 Countries Involved

Transfers may occur to countries such as:

The United States (e.g., for payment and cloud services)
Other jurisdictions where our processors or sub-processors operate

We only transfer data to third countries under strict legal conditions.

8.3 Safeguards and Legal Basis

To ensure that your data remains protected, we implement the following safeguards in compliance with Article 46 of the UK and EU GDPR:

Transfers only to countries that have received an adequacy decision from the UK Government or European Commission
Use of Standard Contractual Clauses (SCCs) approved by regulatory authorities
Supplementary measures, including data minimisation, access restrictions, encryption, and pseudonymisation
Binding contractual commitments with third-party processors to uphold GDPR standards

8.4 Your Rights Regarding International Transfers

You have the right to:

Request a copy of the Standard Contractual Clauses or other safeguards we rely upon
Receive details of the countries or organisations involved
Object to transfers under specific legal conditions, particularly when based on legitimate interest

8.5 Contact and Transparency

If you would like further information or wish to exercise your rights, please contact:

sale@gsincode.com

9. Data Retention

We store your personal data only for as long as is strictly necessary to fulfil the purposes for which it was collected, in accordance with the principles of data minimisation and storage limitation under the UK and EU GDPR.

We also retain data to comply with legal obligations, resolve disputes, and enforce our contractual agreements. Retention periods vary based on the type of data, applicable laws, and our legitimate interests.

9.1 General Principles

Data must not be kept for longer than necessary.
Retention periods are defined at the point of data collection or processing.
Data that is no longer required is deleted or anonymised securely.

9.2 Specific Retention Periods

We apply the following retention periods depending on the category of data:

Contractual data (such as orders, invoices): retained for up to 6 years from the date of the transaction, as required by tax and accounting legislation in the UK and EU.
Customer support and communication records: kept for up to 3 years after the last user interaction, to ensure service quality, resolve disputes, and monitor abuse.
Technical logs and analytics data: stored for 12 to 24 months depending on their sensitivity and relevance, in order to improve performance, monitor system integrity, and enhance security.
Marketing consent and communication preferences: retained until you withdraw your consent or until the information becomes obsolete. We review marketing lists regularly.
Payment verification data (not card numbers): retained for 3 to 6 years to meet anti-fraud requirements and legal accountability (e.g., metadata from Stripe).
Legal or regulatory dispute documentation: retained until all related proceedings or limitation periods are fully closed.

9.3 Exceptions

We may retain certain records for longer periods when:

Required by local tax, financial or regulatory frameworks
Legal claims are pending or reasonably anticipated
Law enforcement or judicial authorities request preservation

9.4 Security of Archived Data

Archived data is:

Isolated from active systems
Encrypted and access-controlled
Subject to retention policies and regular review

9.5 Data Deletion and Review

We conduct periodic audits of all data repositories. Once the retention period ends, we:

Permanently delete the data using secure wiping tools
Or anonymise it so it is no longer associated with any individual

Users may request clarification of our retention schedule at: sale@gsincode.com

10. Cookies and Similar Technologies

Our website uses cookies and similar technologies to ensure functionality, enhance user experience, analyse website traffic, and support security and marketing efforts. We inform users of these technologies upon visiting the site and, where required, request explicit consent.

10.1 What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They allow the site to remember your actions and preferences (e.g., language, login, session status) over a period of time.

Similar technologies include local storage, web beacons, tracking pixels, scripts, and SDKs used in mobile environments.

10.2 Types of Cookies We Use

We use the following categories of cookies:

Strictly Necessary Cookies – essential for website operation, such as navigation, secure logins (if any), or payment processing. These cannot be disabled through our cookie banner.
Functional Cookies – allow the site to remember user preferences (e.g., language, region, font size) and improve usability.
Performance and Analytics Cookies – help us understand how visitors interact with the website, which pages are visited most often, and whether users encounter errors. We only use these if you accept analytics cookies.
Marketing Cookies – used to track visitors across websites and display personalised ads. We do not currently use third-party advertising cookies.

10.3 Legal Basis for Cookie Use

Strictly necessary cookies are processed based on our legitimate interest in delivering secure and functioning services.
All other categories require your explicit consent through the cookie banner in compliance with the ePrivacy Directive and UK Privacy and Electronic Communications Regulations (PECR).

10.4 Cookie Duration

Cookies may be:

Session cookies – expire when you close your browser
Persistent cookies – stored on your device for a fixed period (e.g., 30 days to 12 months)

10.5 Managing Your Preferences

You can control and withdraw your consent at any time:

By adjusting your choices in our cookie banner or consent manager
By configuring browser settings to block or delete cookies
By using tools like www.aboutcookies.org or browser-specific options

10.6 Third-Party Services

Some cookies may be set by trusted third-party tools (e.g., Stripe for payment security). These providers have their own privacy and cookie policies, which we encourage you to review.

11. Data Security

We implement strict technical and organisational measures to ensure the confidentiality, integrity, and availability of your personal data, in accordance with Article 32 of the UK GDPR and EU GDPR. Our approach is based on risk assessment, compliance standards, and industry best practices.

11.1 Security Measures We Apply

We protect your data using the following safeguards:

Encryption – all data in transit (e.g., via forms or checkout) is encrypted using HTTPS (SSL/TLS); sensitive data is encrypted at rest where applicable.
Access control – internal access to personal data is restricted based on roles and responsibilities, applying the principle of least privilege.
Server and infrastructure security – we use secure, monitored hosting environments with firewalls, regular patching, and threat detection systems.
Data backups and continuity – regular encrypted backups are performed and stored securely to prevent data loss and ensure business continuity.
Monitoring and logging – access to systems and data is logged; critical systems are monitored for anomalies and attacks.

11.2 Organisational Security Practices

All staff and contractors with access to personal data are subject to confidentiality agreements.

Employees receive regular training on data protection, phishing, and secure handling of information.
Internal policies define secure procedures for collecting, storing, transferring, and deleting data.
Data protection assessments (DPIAs) are conducted when new processing activities are introduced.

11.3 Breach Notification Protocol

In the unlikely event of a personal data breach:

We will assess the risk promptly and notify the relevant supervisory authority within 72 hours, if required by law.
If the breach is likely to result in a high risk to your rights and freedoms, we will also inform you without undue delay, explaining the nature of the breach and any steps taken to mitigate it.

11.4 Your Role in Data Security

You can help protect your data by:

Using secure and up-to-date browsers and devices
Not sharing sensitive information via unsecured channels
Immediately notifying us of any suspected unauthorised access or breach at: sale@gsincode.com

12. Contact Information

If you have any questions, concerns, requests regarding your personal data, or if you wish to exercise any of your data protection rights as described in this Privacy Policy, you can contact us using the following details: