Data Collection
- Account information — name, email, organisation
- Usage analytics — anonymised interaction data
- Document content — processed for retrieval, not retained beyond purpose
- Technical data — IP address, browser, device information
Data Processing
All personal data is processed on lawful bases as defined by GDPR, including contractual necessity, legitimate interest, and explicit consent where required. We adhere to the principle of purpose limitation — data collected for one purpose is never repurposed without additional consent. Processing activities are documented in our Record of Processing Activities (ROPA) and reviewed quarterly.
Data Storage & Retention
| Data Type | Retention Period | Location |
|---|---|---|
| Account data | Duration of account + 30 days | EU |
| Usage analytics | 12 months | EU |
| Document content | Processing only (not retained) | Customer infrastructure |
| Logs | 90 days | EU |
Third-Party Sharing
User Rights
Access
Request a copy of your data
Rectification
Correct inaccurate data
Erasure
Right to be forgotten
Portability
Export your data
GDPR Compliance
Condelo has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with GDPR and related regulations. We conduct Data Protection Impact Assessments (DPIAs) for any high-risk processing activities. In the event of a data breach, we follow a documented breach notification procedure and will notify affected individuals and the relevant supervisory authority within 72 hours as required by GDPR.
Contact
For privacy-related enquiries, contact us at privacy@condelo.com. To reach our Data Protection Officer directly, email dpo@condelo.com. We aim to respond to all data subject requests within 30 days.