Privacy Policy
Information Notice Pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR")
This Privacy Policy outlines how we process your personal data collected through this website, in accordance with Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation).
Please note that this privacy statement applies exclusively to our website. It does not extend to other websites that you may access via links present on our site, even if they are under our domain name. We are not responsible for the privacy practices or content of third-party websites.
Applicability of GDPR
This Policy applies to the processing of personal data of data subjects who are in the European Union (EU) or European Economic Area (EEA), where such processing relates to:
- The offering of goods or services to such data subjects in the EU/EEA, irrespective of whether a payment of the data subject is required.
- The monitoring of their behavior as far as their behavior takes place within the EU/EEA.
1. Data Controller
Pursuant to Article 4 and Article 24 of Regulation (EU) 2016/679, the Data Controller is:
EnCata Product Development, Ltd. Republic of Belarus, Minsk, Soltys Str. 187 Represented by its legal representative.
You can contact the Controller at any time via email at: info@encata.net
2. Processed personal data
Personal data refers to any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (such as name, last name, date of birth, address, email, telephone number).
Categories of Data Processed
We collect and process various categories of personal data depending on your interaction with our website:
Browse Data:
- Description: During their ordinary course of operation, the IT systems and software procedures required to run this website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects but, by its very nature, it could enable identification of the users through the processing and matching of data held by third parties. This data category includes IP addresses or domain names of computers used by the users who visit the site, as well as the URI addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply from the server (done, error, etc.) and other parameters related to the operating system and the IT environment of the user.
- Purpose: These data are primarily used to obtain anonymous statistical information on the use of the website, to control its correct functioning, and to ensure network and information security.
- Legal Basis: Legitimate interest (Article 6, paragraph 1, letter (f) GDPR), as the processing is necessary for the proper technical functioning, security, and optimization of the website, which outweighs the minimal impact on individual privacy due to its anonymized nature.
- Retention Period: These data are generally cancelled immediately after processing or retained only for the duration of the Browse session.
Legal Defence:
- Description: The user’s personal data may be used by the owner of the website in a legal defence, or during the preparatory stages of potential proceedings, against any abuse by the user of the website or its connected services. This data may also be used to ascertain responsibility in the event of any potential crimes, including computer crimes, against the Controller.
- Purpose: To protect our legal rights and interests, and to investigate potential misuse or criminal activity.
- Legal Basis: Legitimate interest (Article 6, paragraph 1, letter (f) GDPR), which consists of protecting our legal interests and defending our rights in case of legal disputes or security incidents. This processing is necessary for the establishment, exercise or defence of legal claims.
- Retention Period: Data will be retained for the duration necessary to manage the legal defense, potential proceedings, or investigations, and in accordance with applicable statutory limitation periods.
Maintenance:
- Description: The user’s personal data may be processed due to additional procedures and purposes linked to the maintenance of the website.
- Purpose: To ensure the proper functioning, security, and updates of the website and related services.
- Legal Basis: Legitimate interest (Article 6, paragraph 1, letter (f) GDPR), as essential for ensuring the continuous availability and security of our online services.
- Retention Period: Data is retained only for the period necessary to perform the maintenance tasks.
Data provided voluntarily by the user:
- Description: The optional and voluntary disclosure of personal data (e.g., dispatching of electronic mail to the addresses indicated on this website and/or the completion of a data collection form on this website) entails the acquisition and processing of the voluntarily disclosed user’s data (e.g., sender’s address, name, last name), necessary to reply to the request, as well as other personal data included in the email message (such as name, last name, address, telephone number, email address).
- Purpose: To respond to user inquiries, provide requested services, and facilitate communication.
- Legal Basis: Consent (Article 6, paragraph 1, letter (a) GDPR), provided voluntarily by the user when submitting the data, or performance of a contract/pre-contractual steps (Article 6, paragraph 1, letter (b) GDPR) if the request relates to entering into a contract.
- Retention Period: Data is retained for the period necessary to fulfill the request and for subsequent record-keeping as specified in Section 6.
Cookies
This website uses cookies and similar technologies to enhance your experience. Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
We categorize the cookies used on our website as follows:
Strictly Necessary Cookies:
- Purpose: These cookies are essential for the website to function properly and enable basic functionalities like page navigation, accessing secure areas of the website, and remembering your consent preferences. The website cannot function properly without these cookies.
- Legal Basis: Legitimate interest (Article 6, paragraph 1, letter (f) GDPR), as they are fundamental for the technical provision of the service you request.
- Storage Time: Typically session-based or persistent for a short duration (e.g., a few hours to a few days) to remember preferences.
Analytical/Performance Cookies:
- Purpose: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. They allow us to measure and improve the performance of our site, for example, by counting visits and identifying traffic sources.
- Legal Basis: Your explicit consent (Article 6, paragraph 1, letter (a) GDPR).
- Storage Time: Varies, from session-based to persistent for up to 2 years, depending on the specific analytical tool.
Functionality Cookies:
- Purpose: These cookies allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.
- Legal Basis: Your explicit consent (Article 6, paragraph 1, letter (a) GDPR).
- Storage Time: Varies, from session-based to persistent for up to 1 year.
Targeting/Advertising Cookies:
- Purpose: These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator’s permission.
- Legal Basis: Your explicit consent (Article 6, paragraph 1, letter (a) GDPR).
- Storage Time: Varies, often persistent for up to 2 years.
Some cookies are placed by third-party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Consent banner on our website or by managing your browser settings. Opting out of certain cookies may impact your Browse experience and the functionality of some parts of the website.
3. Purposes and lawfulness of the processing
Your personal data will be processed in accordance with the requirements for lawful processing set forth in Article 6 of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
Purposes of Data Processing and Corresponding Legal Bases
Browse Data:
- Purpose: To obtain anonymous statistical information on website usage and to ensure its correct functioning.
- Legal Basis: Data processing for this purpose is carried out on the basis of Article 6, paragraph (a) of Regulation (EU) 2016/679 (data subject's consent), implied by consent to the use of cookies or similar tracking technologies for collecting anonymous statistical data.
Information/Service Requests:
- Purpose: To send information or provide services as requested by the user through the completion of a data collection form or by requesting information/services.
- Legal Basis: Data processing for this purpose is carried out on the basis of Article 6, paragraph (a) of Regulation (EU) 2016/679 (data subject's consent), expressed when completing the form and submitting the request.
Marketing Communications (newsletter, surveys, promotions):
- Purpose: To send newsletters, periodic satisfaction surveys, special offers and promotions, and other general marketing communications by email.
- Legal Basis: Data processing for this purpose is carried out on the basis of Article 6, paragraph (a) of Regulation (EU) 2016/679 (data subject's consent), obtained when completing the newsletter subscription form. The user has the right to withdraw this consent for receiving marketing communications at any time.
Administrative and Accounting Activities:
- Purpose: Administrative and accounting management related to the performance of organizational, administrative, financial, and accounting activities.
- Legal Basis: Data processing for this purpose is carried out on the basis of Article 6, paragraphs (b) and (c) of Regulation (EU) 2016/679.
- Article 6, paragraph (b): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (applicable to contractual obligations).
- Article 6, paragraph (c): Processing is necessary for compliance with a legal obligation to which the controller is subject (applicable to legal obligations).
4. Personal data recipients
Your personal data may be communicated to various categories of recipients who process your data as data processors (Article 28 of Regulation (EU) 2016/679) or as individuals acting under the authority of the Controller (Article 29 of Regulation (EU) 2016/679), for the purposes described above. Your personal data may be communicated to third parties belonging to the following categories:
- IT and Telecommunications Service Providers: This includes providers for the management of our information systems, telecommunication networks, email services, newsletter platforms, and website management services. Examples include cloud hosting providers, email service providers, and content delivery networks.
- CRM and Analytics Service Providers: Companies providing customer relationship management (CRM) platforms and web analytics services to help us manage customer interactions and understand website usage patterns.
- Professional Advisors: This category includes professionals, law firms, accounting firms, or other consultancy companies that provide us with legal, accounting, financial, or other expert advice.
- Marketing and Advertising Partners: Providers of marketing automation platforms, advertising services, and social media platforms for the purpose of delivering relevant marketing communications with your consent.
- Payment Processors: If applicable, third-party payment service providers necessary for processing transactions.
- Competent Authorities: Public bodies, regulatory authorities, or other competent authorities, upon request, for the fulfillment of legal and/or regulatory obligations.
The aforementioned subjects will act as data processors or may carry out their processing activities as independent data controllers. The list of respective appointed data processors is constantly updated and is available at the Controller’s headquarters and by contacting us at info@encata.net.
5. Data transfer to third countries
Please be aware that EnCata is located in Belarus, which is a country outside the European Union (EU) and the European Economic Area (EEA). This means that your personal data will be subject to transfers to a third country.
Your personal data may be communicated to companies contractually involved with the Controller, located both inside and outside the European Union, in order to comply with contractual obligations or related purposes. Such transfers will occur subject to the limits and conditions set forth by Article 44 and subsequent articles of Regulation (EU) 2016/679.
We ensure that all transfers of personal data to third countries are carried out with appropriate safeguards as required by the GDPR. These safeguards are designed to ensure that your personal data receives a level of protection equivalent to that within the EU/EEA. The safeguards we primarily rely on include:
- Standard Contractual Clauses (SCCs): These are model data protection clauses adopted by the European Commission, which provide contractual commitments to protect data transferred outside the EU/EEA.
- Binding Corporate Rules (BCRs): For intra-group transfers, if applicable, these are internal rules adopted by multinational groups of companies to ensure the protection of personal data when it is transferred across borders.
- Adequacy Decisions: In some cases, the European Commission may have adopted an "adequacy decision" for a particular country, deeming its data protection laws to be equivalent to those in the EU.
The data subject may obtain information on the specific appropriate safeguards provided by the Controller pursuant to Article 46 of Regulation (EU) 2016/679 relating to the transfer of personal data by writing to info@encata.net.
6. Methods of data processing – data retention
Processing will be carried out using methods and tools designed to ensure the highest level of security and confidentiality, by individuals specifically appointed to perform such processing activities pursuant to Articles 28 and 29 of Regulation (EU) 2016/679. In accordance with the provisions set forth in Article 5, paragraph 1, letter (e) of Regulation (EU) 2016/679, collected personal data will be kept in a form which permits identification of data subjects for a period not exceeding the purposes for which the personal data were collected and subsequently processed.
The specific data retention periods depend on the purpose for which the data was collected, as detailed below. If a precise retention period cannot be determined in advance, we establish criteria for determining the appropriate period, ensuring that data is not kept longer than necessary.
Technical Navigation Data (for website functionality):
- Purpose: To ensure the correct functioning of the website and to obtain anonymous statistical information.
- Retention Period: Data is retained only for the duration of the Browse session, after which it is automatically deleted or anonymized. This includes session cookies and temporary usage data.
Information and Service Request Data:
- Purpose: To reply to information requests, provide requested services, and manage related communications.
- Retention Period:
- For general contact and information requests (where no service agreement is formed): Data will be retained for a maximum of 12 months from the last communication, to allow for follow-up and record-keeping of inquiries.
- For data related to the provision of a service (where a contract or agreement is in place): Personal data contained within administrative, accounting, and financial documentation directly related to the provision of a service will be retained for 10 years following the completion of the service or the end of the contractual relationship. This period aligns with legal requirements for the retention of business records.
Administrative / Accounting / Financial Management Data:
- Purpose: For the general administrative, accounting, and financial management of our operations.
- Retention Period: Personal data processed for these purposes will be retained for a period of 10 years. This retention period is mandated by applicable laws for the conservation of administrative, accounting, and financial documentation.
Criteria for Determining Retention Periods (where specific periods are not predefined):
In cases where a fixed retention period is not explicitly stated above, we determine the appropriate retention period based on the following criteria:
- Necessity for the original purpose: We assess whether the data is still needed for the purpose(s) for which it was collected.
- Legal and regulatory obligations: We consider any applicable laws, regulations, or court orders that require us to retain the data for a certain period.
- Establishment, exercise, or defense of legal claims: Data may be retained for as long as necessary to protect our legal interests, including the initiation or defense of legal claims.
- Industry best practices: We consider common industry standards and best practices for data retention.
- Data minimization principles: We strive to retain data for the shortest possible time, consistent with our obligations and the purposes of processing.
Once the retention period expires or the criteria for retention are no longer met, your personal data will be securely deleted or anonymized.
7. Nature of data provision and refusal
The provision of your personal data through the data collection form or provided in specific websites areas is optional but necessary. The refusal to provide your personal data will entail the impossibility to provide you with the services requested through the website and to obtain the information requested.
8. Data subject’s rights
You may exercise your rights pursuant to articles 15, 16, 17, 18, 19, 20, 21, 22 of the Regulation EU 2016/679, in respect of and against each of the controllers, by contacting the controllers at the following contacts: info@encata.net or writing at Controller’s headquarters.
You have the right, at any time, to request the data Controller to access your personal data and to receive the information concerning their processing such as the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of automated decision-making, including profiling. You have the right to rectify, erase your personal data or limit their processing. Where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to be informed of the appropriate safeguards pursuant to Article 46 of the Regulation (EU) 2016/679 relating to the transfer of your personal data. You have the right to the portability of your personal data; in such case the Controller shall provide you with your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller. Furthermore, you have the right to object, at any time, to the processing of your data which is based on point (e) or (f) of Article 6(1) of the Regulation (EU) 2016/679, including profiling based on those provisions. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing (including profiling to the extent that it is related to such direct marketing). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. Without prejudice to any other administrative or judicial remedy, if you consider that the processing of your personal data infringes the Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory authority.
9. Changes to this privacy policy statement
The Data Controller reserves the right to amend, update, supplement or remove parts of this Privacy Policy Statement at its own discretion and at any time. We encourage you to periodically review our Privacy Statement. For your convenience, when we post changes, we will revise the “last updated” date at the bottom of the statement. By using the website following the publication of any amendments, you agree to these changes.
Last updated: August 01, 2025
Data Controller – EnCata Product Development, LTD