GDPR Data Processing Notice

Controller: BITSTRUCT SRL, 8 Balta Pasărea Street, Tunari, Ilfov, Romania, VAT RO52627984
Contact: [email protected]

BITSTRUCT SRL processes personal data of Users/Clients (“you”) in accordance with the GDPR and applicable law. We protect confidentiality and privacy and implement appropriate technical and organisational measures.

1) Purposes & Legal Bases

We process personal data for:

a) Contract & Service Delivery (Art. 6(1)(b) GDPR)

  • Concluding and performing contracts, providing plugins/services, licensing, activations, updates, support, troubleshooting, invoicing, collections, and customer relations.

  • Data may include: identification data, contact details, account/license info, billing data, technical logs strictly necessary to provide support.

b) Compliance (Art. 6(1)(c) GDPR)

  • Tax/VAT, accounting and legal obligations; responding to lawful requests from authorities.

c) Legitimate Interests (Art. 6(1)(f) GDPR)

  • Securing services, fraud prevention/abuse, defending legal claims, service analytics (minimal, aggregated), quality improvement, product security.

  • You may object at any time, on grounds relating to your situation.

d) Marketing with Consent (Art. 6(1)(a) GDPR)

  • Email communications about products/services, promotions, and updates; remarketing/cookies where required by law.

  • You can withdraw consent at any time without affecting prior processing.

2) Categories of Data

  • Identification & contact: name, company, role, email, phone, address, country, VAT ID.

  • Contract & billing: orders, invoices, payment status/IDs (we do not store full card details).

  • Support & diagnostics: tickets, attachments/logs you provide; optional diagnostic/telemetry (plugin version, WP/PHP versions, error traces). Telemetry—if any—is opt-in/opt-out in settings and kept minimal.

  • Usage/website: cookie identifiers, truncated IP, device/browser, timestamps, pages viewed (per Cookie/Privacy Policies).

  • Custom development inputs: specs, staging URLs/credentials you share, content samples needed to reproduce issues (may incidentally include personal data—please minimise before sharing).

3) Recipients & Disclosures

Personal data may be disclosed to:

  • Processors (acting on our instructions): hosting/CDN, email providers, helpdesk, license/update delivery, payment processors, analytics/error monitoring (listed in our Privacy Policy/contract annex).

  • Public authorities when legally required.

  • Professional advisers (legal/accounting) under confidentiality.

We do not sell personal data.

4) International Transfers

Where processors are outside the EEA/UK, we rely on valid safeguards (e.g., Standard Contractual Clauses or adequacy decisions). Details available on request.

5) Retention

  • Contract/billing records: statutory periods (typically 5–10 years).

  • Account/license/support: for the contract term and up to [2–3 years] after last interaction, unless law requires longer.

  • Telemetry/analytics: the shortest feasible period (e.g., [6–12 months]) or aggregated/anonymised thereafter.
    We delete or anonymise when no longer necessary.

6) Security

We apply proportionate measures: encrypted transport, access controls, least-privilege, logging, backups, vulnerability management. No system is 100% secure, but we work to reduce risks.

7) Marketing, Remarketing & Cookies

  • Marketing emails are based on consent (opt-in) and include unsubscribe links.

  • Remarketing/analytics cookies (if used) operate with consent where required. Manage preferences via our cookie banner and browser settings. See our Cookie Policy for providers, purposes, and lifetimes.

  • Where required by law, non-essential cookies are set only after obtaining user consent.

8) Automated Decisions & Profiling

  • We do not make decisions producing legal or similarly significant effects solely by automated means.

  • Limited profiling may occur for remarketing/segmentation with your consent and is non-intrusive.

  • This does not affect your statutory rights under the GDPR.

9) Your Rights (GDPR)

You can exercise:

  • Access to your data; Rectification; Erasure; Restriction; Portability; Objection (legitimate interests/marketing); Withdraw consent at any time.
    Requests: [email protected]. We may verify identity before action.

You also have the right to complain to the Romanian DPA (ANSPDCP) or your local authority.

10) Custom Plugin Development – Additional Notes

  • Minimal sharing: Please avoid sending real personal data in tickets/specs. Where needed, provide masked data or staging with anonymised content.

  • Staging access: If you share credentials, do so via a secure channel; we use them only for debugging agreed scope and delete them after resolution.

  • Code & repositories: If we access your repo, we process only data necessary to deliver the agreed work; we won’t extract unrelated personal data.

  • Subprocessors for build/CI: If used (e.g., error trackers, CI/CD), they’ll be listed in an Annex – Subprocessors upon request.

  • When Clients use our plugins on their own websites, they act as independent data controllers for their end users. BITSTRUCT SRL processes only the data it receives directly in relation to licensing, support, and services.

11) Contact for Data Requests

BITSTRUCT SRL – Data Protection
Email: [email protected]
Postal: 8 Balta Pasărea Street, Tunari, Ilfov, Romania

Go to VerseLabWP homepage
Where WordPress ends, custom development begins.
⭐ Review us on Trustpilot
Products
NeuroContent DuplicateKiller Office Hours Status
Company
Term of Use Privacy Policy Cookie Policy License
© Copyright 2025 BITSTRUCT SRL. All Rights Reserved.