1. Introduction

Codematic Technology Services (“Codematic,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, process, and disclose information, including personal data, in conjunction with your access to and use of our website (www.codematic.io), our managed IT services, and our software development services (collectively, the “Services”).  

We provide managed IT services and custom software development primarily for business clients. This policy applies to visitors to our website, potential clients, current clients, and any individuals whose personal data we may process in the course of providing our Services.

2. Information We Collect

We collect different types of information depending on your interaction with us:

  • Information You Provide Directly:
    • Contact Information: Name, email address, phone number, job title, company name when you fill out contact forms, request a quote, subscribe to newsletters, or communicate with us directly.
    • Support Information: Information you provide when seeking technical support or assistance.
  • Information Collected Automatically:
    • Log Data and Device Information: When you visit our website, we automatically collect log data (IP address, access times, hardware/software information, browser type, operating system) and device information.
    • Usage Information: Information about your interactions with our website, such as pages viewed, links clicked, and time spent on pages, collected through cookies and similar technologies.
  • Information Related to Services (Client Data):
    • When providing managed IT or software development services, we may access, process, or store data provided by our clients or generated through the systems we manage or build. This data may contain personal information belonging to our clients’ employees, customers, or users. In these instances, Codematic typically acts as a Data Processor on behalf of our client (the Data Controller), processing such data based on their instructions as outlined in our service agreements. Our clients are responsible for ensuring they have the necessary legal basis and permissions to provide this data to us for processing.

3. How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing and Managing Services: To deliver, maintain, and improve our managed IT and software development services as per our contractual agreements with clients.  
  • Communication: To respond to your inquiries, provide customer support, send service-related announcements, updates, security alerts, and administrative messages.
  • Sales and Marketing: To send promotional messages, marketing materials, and other information that may be of interest to you (where permitted by law and with your consent, if required). You can opt-out of marketing communications at any time.
  • Website Improvement: To understand how users interact with our website, analyze trends, and improve user experience and functionality.
  • Security and Compliance: To detect and prevent fraud, abuse, security incidents, comply with legal obligations (like responding to subpoenas or court orders), enforce our terms of service, and protect our rights and the rights of others.
  • Client Data Processing: To perform the specific tasks requested by our clients as outlined in our service agreements, acting as a Data Processor.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We generally process personal data based on:  

  • Contractual Necessity: Processing is necessary to perform a contract with you (e.g., providing our Services).
  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., operating our website, providing support, marketing, security), provided these interests are not overridden by your data protection interests or fundamental rights and freedoms.
  • Consent: Where required by law, we will obtain your consent before processing your personal data (e.g., for certain marketing activities or use of non-essential cookies). You can withdraw your consent at any time.
  • Legal Obligation: Processing is necessary to comply with a legal obligation.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With Service Providers: We may share information with third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., hosting providers, payment processors, analytics providers, CRM platforms). These providers are contractually obligated to protect your data and use it only for the services they provide to us.  
  • With Clients (as Data Processor): When processing data on behalf of our clients, we share information as directed by the client and as necessary to fulfill our contractual obligations.
  • For Legal Reasons: We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Codematic, our clients, or others.  
  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your information may be transferred as part of that transaction. We will notify you of such changes.  
  • With Your Consent: We may share information with third parties when we have your explicit consent to do so.

6. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures include encryption, access controls, firewalls, and regular security assessments. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.  

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). For client data processed on behalf of clients, we retain data according to the client’s instructions or as required by our service agreements. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.  

8. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located in the EEA, UK, or Switzerland, this may mean transferring your data outside of these regions. We will take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable law, such as using Standard Contractual Clauses (SCCs) approved by the European Commission or relying on adequacy decisions where applicable.  

9. Your Data Protection Rights (GDPR and others)

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.  
  • Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.  
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.  
  • Right to Object to Processing: You have the right to object to our processing of your personal data based on legitimate interests, under certain conditions.  
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.  
  • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.  
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes applicable data protection laws.  

10. How to Exercise Your Rights & Data Deletion Requests

To exercise any of these rights, including requesting the deletion of your data, please contact us via email at [email protected]

Please clearly state your request in the subject line and body of the email (e.g., “Data Subject Access Request,” “Data Deletion Request”). We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We will respond to your request within the timeframes required by applicable law (typically within one month under GDPR).  

11. Children’s Privacy

Our Services are not directed to individuals under the age of 16 (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child without verification of parental consent, we will take steps to delete that information.  

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the “Last Updated” date at the top. We encourage you to review this Privacy Policy periodically.