Introduction
This Data Protection Policy describes how Soluzyn OÜ governs the processing, retention, and classification of personal and operational data across our technology operations and this website.
It supplements our Privacy Policy and applies to employees, contractors, and systems involved in data handling.
Data Processing Notice
We process personal data only for specified, explicit, and legitimate purposes and do not further process data in a manner incompatible with those purposes.
Processing activities related to this website include hosting and delivery of content, handling contact enquiries, security logging, and cookie management as described in our Cookie Policy.
Where we engage processors, we ensure appropriate contracts and safeguards are in place.
Retention Policy
We apply retention schedules based on the nature of the data, legal requirements, and operational necessity.
- Contact form and enquiry records: typically up to 24 months after last interaction, unless a longer period is required for legal claims or contractual obligations.
- Server and security logs: typically up to 90 days, unless extended for incident investigation.
- Cookie consent records: as required to demonstrate compliance, typically up to 12 months.
- Business correspondence: in accordance with applicable accounting and legal record-keeping requirements.
Data Classification Policy
We classify information to ensure appropriate handling controls:
- Public: information intended for public disclosure, such as marketing content on our website.
- Internal: operational information not intended for public release.
- Confidential: business, technical, or personal data requiring restricted access and protection.
- Restricted: highly sensitive data subject to enhanced controls; we minimise collection of such data via this website.
Security and Accountability
We maintain technical and organisational measures including access controls, encryption in transit where supported, secure development practices, and staff awareness.
Data protection impact assessments are conducted where required by law or where processing presents elevated risk.
Privacy by Design and by Default
We implement privacy by design and privacy by default in accordance with GDPR Article 25. Data collection via this website is limited to what is necessary for stated purposes.
Default settings favour minimal processing: non-essential cookies and analytics are not enabled without consent.
Encryption
We use TLS (HTTPS) for data in transit between your browser and our servers. Sensitive data at rest within our controlled environments is protected using industry-standard encryption and access controls provided by our cloud infrastructure.
Access Control
Access to personal and operational data is granted on a need-to-know basis using role-based access controls, strong authentication for administrative systems, and periodic access reviews.
Incident Response
We maintain incident response procedures covering detection, containment, assessment, notification, and remediation. Personal data breaches are assessed against GDPR Articles 33 and 34 and reported to supervisory authorities and affected individuals where required.
Backup, Recovery, and Audit
Operational backups are performed according to defined schedules with restoration testing. Audit logs support security investigations and accountability. Internal reviews of data handling practices are conducted periodically and after material changes.
Contact
For data protection enquiries:
Soluzyn OÜ, an Estonia-registered technology company operating the Paycavix brand.
Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia
Email: info@paycavix.com
WhatsApp: +372 5845 3128
Website: https://paycavix.com