The data controller responsible for the processing of personal data as described herein is SIGMATIC, a technology services company operating under the laws applicable to its jurisdiction of establishment, with its primary business communications conducted via electronic means including but not limited to electronic mail at partners@sigmatic.systems and the instant messaging platform Telegram at @sigmatic_alex. For the purposes of applicable data protection legislation including, where relevant, Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR") and other analogous national or supranational frameworks, the Company acts as the data controller with respect to all personal data collected through the Site and in the course of pre-contractual and contractual client relationships.
This Policy applies to all personal data processed in connection with: (a) visits to and interactions with the Site, including passive data collection through server logs, cookies, and similar technical mechanisms; (b) submissions made through contact forms, email correspondence, or any other communication channel maintained by the Company; (c) pre-contractual inquiries, project briefs, and negotiation communications; (d) active client engagements and the performance of service agreements. This Policy does not apply to third-party websites, platforms, or services that may be linked from the Site, nor does it govern the data practices of third parties with whom the Company engages as independent controllers. The Company expressly disclaims any responsibility for the privacy practices of such third parties.
The Company collects personal data that you voluntarily provide when contacting us, submitting inquiries, or entering into a contractual relationship. Such data may include, without limitation: full name or business alias; electronic mail address; Telegram username or other instant messaging identifiers; telephone number (where provided); description of the requested services or project scope; business or company name; geographic location data provided at your discretion; and any other information you elect to include in your communications. The Company does not solicit or require the submission of sensitive personal data as defined under applicable data protection law, including special categories of data enumerated under Article 9 GDPR, and you are strongly advised not to submit such data unsolicited.
Upon accessing the Site, certain technical data may be collected automatically through server infrastructure, access logs, and similar mechanisms without any action on your part. This includes, but is not limited to: Internet Protocol (IP) addresses and associated geolocation data; browser type, version, and rendering engine; operating system and device classification; referring URL and exit pages; timestamps and session duration metrics; pages accessed and navigation sequences within the Site. Such data is collected for the purposes of ensuring the technical integrity and security of the Site, diagnosing system errors, and generating aggregated, anonymised statistical reports. The Company does not use this data to construct individual behavioural profiles for marketing or advertising purposes.
Where you engage with the Company via electronic mail, Telegram, or other communication channels, the Company retains records of such communications, including the content thereof, metadata, and any attachments or files transmitted, for the duration specified in Section 7 below. Such records may be used for the purposes of project management, dispute resolution, quality assurance, and compliance with applicable legal obligations.
The Company processes personal data only where a lawful basis exists for such processing. Depending on the nature and context of each processing activity, the applicable legal bases include: (a) the performance of a contract to which the Data Subject is party, or in order to take steps at the request of the Data Subject prior to entering into a contract, pursuant to Article 6(1)(b) GDPR or equivalent provisions; (b) compliance with a legal obligation to which the Company is subject, pursuant to Article 6(1)(c); (c) the legitimate interests pursued by the Company or by a third party, where such interests are not overridden by the interests or fundamental rights of the Data Subject, pursuant to Article 6(1)(f), including but not limited to the legitimate interests of maintaining business records, ensuring network and information security, and improving service quality; (d) where none of the foregoing apply, the freely given, specific, informed, and unambiguous consent of the Data Subject, pursuant to Article 6(1)(a), which may be withdrawn at any time without prejudice to the lawfulness of processing based on consent before its withdrawal.
Personal data collected by the Company is processed for the following purposes, each of which is supported by one or more of the legal bases enumerated in Section 4: responding to and evaluating inbound service inquiries and project requests; entering into and performing contractual agreements for the provision of technology services; managing client relationships and associated administrative processes; issuing invoices and processing payments through third-party payment processors where applicable; complying with applicable tax, accounting, and regulatory obligations; ensuring the technical security, availability, and integrity of the Site and associated infrastructure; conducting internal analytics and reporting on an aggregated, non-identifiable basis for business planning purposes; and defending or exercising legal rights in the context of disputes, litigation, or regulatory proceedings. The Company does not process personal data for the purposes of automated decision-making or profiling as defined under applicable data protection law, and does not engage in direct marketing communications without your prior, explicit consent.
Notwithstanding and in addition to the data protection obligations described herein, the Company operates under a standing policy of professional confidentiality with respect to all client engagements. Information relating to client identities, project scope, technical architecture, business strategy, and any other commercially sensitive data disclosed in the course of pre-contractual or contractual communications is treated as strictly confidential and is not disclosed to any third party without the prior written consent of the relevant client. This confidentiality obligation applies to all personnel, contractors, and sub-processors engaged by the Company in connection with client projects. Upon request, the Company will execute a separate Non-Disclosure Agreement ("NDA") with prospective or existing clients prior to the commencement of detailed project discussions. The existence of such an NDA does not limit or supersede the obligations set forth in this Policy; rather, the two instruments operate concurrently and in a complementary manner.
The Company retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law or regulation. In practice: data submitted through the Site's contact form and used solely for the purpose of evaluating a service inquiry that does not proceed to a contractual engagement is retained for a period not exceeding twelve (12) months from the date of last substantive interaction; data associated with active or completed contractual engagements is retained for a period of five (5) years from the date of contract termination or completion, in accordance with applicable statutory limitation periods and accounting requirements; server logs and technical access data are retained for a period not exceeding ninety (90) days, after which they are permanently deleted or anonymised; communications data transmitted via Telegram or similar platforms is subject to the retention policies of those platforms in addition to the Company's own practices, and the Company does not exercise independent control over data retained by such platforms. Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that renders it irrecoverable, except to the extent that continued retention is required by mandatory legal obligation.
The Company does not sell, rent, trade, or otherwise commercially transfer personal data to third parties. Disclosure of personal data to external parties may occur only in the following strictly defined circumstances: (a) to sub-contractors, freelancers, or technical personnel engaged by the Company to assist in the delivery of services to a specific client, subject in each case to written confidentiality undertakings no less protective than those described herein; (b) to payment processors and financial service providers where necessary to process invoices or receive payments, limited to the minimum data required for such purpose; (c) to professional advisors including legal counsel and auditors, on a strictly confidential basis and only to the extent necessary for the engagement in question; (d) to competent public authorities, courts, or regulatory bodies where disclosure is required by applicable law, regulation, court order, or other binding legal process, in which case the Company will, to the extent permissible, endeavour to notify the Data Subject prior to such disclosure; (e) in connection with a corporate transaction such as a merger, acquisition, or sale of assets, provided that the acquiree is bound by data protection obligations at least equivalent to those herein. The Company does not transfer personal data to advertising networks, data brokers, analytics companies, or any other party for the purpose of targeted advertising, behavioural tracking, or commercial profiling.
The Company's operations are distributed across multiple jurisdictions within the European Economic Area ("EEA") and may engage third-party infrastructure providers whose services involve the processing of data outside the EEA. Where such transfers occur, the Company ensures that appropriate safeguards are in place in accordance with Chapter V of the GDPR or equivalent provisions, including but not limited to: the use of Standard Contractual Clauses as adopted by the European Commission; reliance on adequacy decisions issued by the European Commission in respect of the recipient country; or other recognised transfer mechanisms. Data Subjects who require further information regarding the specific mechanisms applicable to international transfers of their personal data may submit a request to the address set forth in Section 13.
The Site employs a limited number of technically necessary cookies essential to the proper functioning of its infrastructure. These cookies do not track users across third-party websites, do not collect personally identifiable information for marketing purposes, and are not shared with advertising networks or analytics platforms. The Company does not use third-party tracking pixels, session replay scripts, fingerprinting technologies, or behavioural analytics tools. Where the regulatory framework applicable to a particular user requires explicit consent prior to the placement of non-essential cookies, the Company will present an appropriate mechanism for obtaining such consent. Refusal of non-essential cookies will not affect your ability to access or use the Site.
Subject to the conditions and limitations prescribed by applicable data protection law, Data Subjects may exercise the following rights with respect to their personal data processed by the Company: (a) the right to obtain confirmation as to whether personal data concerning them is being processed, and if so, to receive a copy of such data along with information regarding the purposes, categories, and recipients of processing (right of access, Article 15 GDPR); (b) the right to obtain rectification of inaccurate personal data and completion of incomplete personal data (right to rectification, Article 16 GDPR); (c) the right to obtain erasure of personal data in the circumstances provided for by applicable law, including where the data is no longer necessary for the purpose for which it was collected (right to erasure, Article 17 GDPR); (d) the right to obtain restriction of processing in the circumstances defined by applicable law (right to restriction, Article 18 GDPR); (e) the right to receive personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller (right to data portability, Article 20 GDPR, where applicable); (f) the right to object, on grounds relating to the Data Subject's particular situation, to processing based on the Company's legitimate interests (right to object, Article 21 GDPR); (g) the right to withdraw consent at any time without prejudice to the lawfulness of prior consent-based processing; and (h) the right to lodge a complaint with a competent supervisory authority. To exercise any of the foregoing rights, Data Subjects must submit a written request to partners@sigmatic.systems. The Company will respond within the timeframe prescribed by applicable law, which is generally thirty (30) calendar days from receipt of a complete and unambiguous request, subject to extension in cases of complexity or volume.
The Company implements and maintains appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Such measures include, without limitation: encryption of data in transit using industry-standard TLS protocols; access controls limiting personal data access to personnel with a legitimate operational need; regular review of data handling practices and security configurations; and contractual obligations imposed on sub-processors and infrastructure providers requiring equivalent security standards. Notwithstanding the foregoing, no method of electronic transmission or storage is entirely secure, and the Company cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the Company will notify the competent supervisory authority and, where required, the affected Data Subjects, in accordance with the timelines and procedures prescribed by applicable law.
The Company reserves the right to amend, update, or replace this Policy at any time in its sole discretion, including in response to changes in applicable law, regulatory guidance, or operational practices. The current version of the Policy will at all times be made available at sigmatic.systems/privacy/, and the effective date and version number displayed at the top of the document will be updated accordingly. Where amendments materially affect the rights of Data Subjects or the manner in which their personal data is processed, the Company will endeavour to provide notice of such changes through appropriate means, which may include prominent notice on the Site or direct communication to known Data Subjects where contact information is held. Continued use of the Site following publication of an amended Policy constitutes acceptance of the revised terms.
All enquiries, requests, complaints, and communications relating to this Policy or to the processing of personal data by the Company should be addressed in writing to:
SIGMATIC — Data Protection
Electronic mail: partners@sigmatic.systems
Telegram: @sigmatic_alex
Time zone: CET/CEST (UTC+1/+2)
The Company will acknowledge receipt of all data protection enquiries within five (5) business days and will endeavour to resolve substantive requests within the applicable statutory period. Data Subjects who are not satisfied with the Company's response to a request or complaint retain the right to escalate the matter to the competent national supervisory authority for data protection in their jurisdiction of residence.
This document was prepared for informational purposes and does not constitute legal advice. SIGMATIC operates across multiple jurisdictions and applies data protection standards in accordance with the applicable regulatory frameworks of its operational territories. The provisions of this Policy are to be interpreted in a manner consistent with applicable mandatory law, and in the event of any conflict between this Policy and mandatory legal provisions, the latter shall prevail.