Data Protection Notice (GDPR)

1. Definitions

  • “Data Controller” means the entity that determines the purposes and means of processing Personal Data.
  • “Data Processor” means a third party that processes Personal Data on behalf of the Data Controller.
  • “Data Subject” means any identifiable natural person whose Personal Data is processed.
  • “Personal Data” means any information relating to an identified or identifiable individual (e.g., name, email, ID number, location data).
  • “Processing” means any operation performed on Personal Data (e.g., collection, storage, use, disclosure, deletion).
  • “Data Incident” means any unauthorized or unlawful access, loss, destruction, or alteration of Personal Data.
  • “Standard Contractual Clauses (SCCs)” means EU-approved safeguards for transferring Personal Data outside the EU/EEA.

2. Data Controller

The Data Controller responsible for your Personal Data is:

4virtus.com doo
Contact Email: contact (at) 4virtus.com

The Data Controller may engage external service providers (Data Processors) who process Personal Data under contractual obligations and appropriate safeguards.


3. Data Collection & Processing

We may collect Personal Data in the following ways:

a) Directly from you:

  • When you register, create an account, or contact us
  • When you subscribe to newsletters or marketing communications
  • When you complete surveys or provide feedback

b) Automatically:

  • Through website usage (cookies, analytics tools)
  • Through application or service usage (log data, device data)

c) During service delivery:

  • Information necessary to provide services (e.g., account data, transaction data)

4. Categories of Personal Data

We may process the following types of data:

  • Identity Data: name, surname
  • Contact Data: email address, phone number
  • Technical Data: IP address, device information
  • Usage Data: interaction with services or platforms
  • Transaction Data: payments, purchases (processed securely via third parties)
  • Location Data (if applicable): only as necessary for service delivery

We do not intentionally collect sensitive data (e.g., health, religion). If such data is collected unintentionally, it will be deleted or anonymized unless we are legally required to retain it.


5. Purposes of Processing

We process Personal Data for the following purposes:

  • Providing and managing services
  • Creating and maintaining user accounts
  • Processing transactions and payments
  • Customer support and communication
  • Improving products and services
  • Marketing and promotional communication (with consent)
  • Legal compliance and regulatory obligations
  • Security, fraud prevention, and system monitoring

6. Legal Basis for Processing

We rely on the following legal bases under GDPR:

  • Consent (Art. 6(1)(a)) – for marketing, newsletters, surveys
  • Contract (Art. 6(1)(b)) – to provide requested services
  • Legal Obligation (Art. 6(1)(c)) – accounting, tax compliance
  • Legitimate Interest (Art. 6(1)(f)) – security, service improvement

You may withdraw consent at any time without affecting prior lawful processing.


7. Data Recipients

Your Personal Data may be shared with:

  • Authorized employees of the company
  • IT, hosting, and cloud service providers
  • Payment service providers
  • Marketing and CRM tools
  • Professional advisors (legal, financial)
  • Public authorities where legally required

All third parties are contractually bound to protect your data.


8. Data Storage & Retention

We store Personal Data securely and only as long as necessary:

  • Active users: for the duration of the relationship
  • After termination: for a limited retention period (e.g., 3–12 months)
  • Legal obligations: as required by law (e.g., accounting records)

Data is deleted or anonymized once no longer required.


9. Data Transfers Outside the EU

If Personal Data is transferred outside the EU/EEA, we ensure protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Additional technical safeguards (encryption, access control)

10. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption
  • Access control
  • Secure storage
  • Regular security audits
  • Staff training

11. Your Rights (GDPR)

You have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

You may exercise your rights by contacting us at the email address given in Section 13 (Contact Information).

You also have the right to lodge a complaint with your local data protection authority.


12. Children’s Data

We do not knowingly collect Personal Data from children without parental consent. If such data is identified, it will be deleted.


13. Contact Information

For any questions or requests:

4virtus.com doo
Contact Email: contact (at) 4virtus.com


14. Updates to This Notice

We may update this Notice periodically. Updates will be published on our website or communicated where required.


15. Effective Date

08.05.2026