Privacy & Data Security Policy
DATA_PROTECTION_PROTOCOL: ACTIVE
ENCRYPTION: AES-256-GCM
REGION: AZURE EU WEST
1. Data Controller
The data controller is DevConcept Venture Lab, headquartered at ul. Romualda Mielczarskiego 121, 25-611 Kielce. NIP: 9591437100, REGON: 260030117. We operate in the following sectors: Programming (62.10.B) and R&D in technical sciences (72.10.Z).
2. Purpose and Legal Basis (GDPR)
Data is processed for the following purposes: Service execution and B2B contact (Art. 6(1)(b) GDPR). Ensuring network and information security (Art. 6(1)(f) GDPR – legitimate interest). Protection against claims and archiving (statutory requirements). Data recipients are exclusively trusted critical infrastructure providers (e.g., Microsoft Azure), guaranteeing standards compliant with GDPR (Data Processing Agreements).
3. Security Standards & AI Protection
We use a Defense-in-Depth model. Key measures: Cryptography: AES-GCM-SIV (Data at Rest) and TLS 1.3+ (Data in Transit). AI Isolation: In accordance with the EU AI Act, Client project data is technically isolated and not used to train public AI models. It remains the exclusive intellectual property of the Partner.
4. Data Subject Rights
Users have the right to: access, rectification, erasure ("right to be forgotten"), restriction of processing, and data portability. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if you believe the processing violates GDPR regulations. Privacy contact: biuro@devconcept.eu
5. Data Retention
Data is processed only for the period necessary to achieve operational goals or until the statute of limitations for claims expires/tax obligation expires (maximum 5 tax years from the end of the calendar year).