Privacy Policy

1. What Information Do We Collect?

We may collect the following categories of personal data:

• Identifiable information, such as full name, email address, telephone number, or other contact details, primarily used to create accounts, deliver Services, or communicate with you.

• Technical and usage data, including data collected via cookies or similar technologies, such as IP address, browser type, and usage patterns.

• Aggregated and anonymized statistics, such as feature usage or interaction trends, used to improve our Services.

2. Purposes and Legal Basis of Processing

Personal data is processed for the following purposes and legal bases under Article 6 GDPR:

• Provision of Services (performance of a contract)

• Communication and support, including responding to inquiries (legitimate interest or contract)

• Analytics and service improvement (legitimate interest)

• Marketing communications where applicable (consent)

• Legal compliance, fraud prevention, security monitoring, and enforcement of legal rights (legal obligation or legitimate interest)

We may be required to disclose personal data to public authorities where legally required.

3. Third-Party Services

ANALYTICS

We use third-party analytics services to understand website usage and improve user experience:

Managing Contacts and Communications

• EcoMail.cz – EcoMail CZ s.r.o.
  Personal Data: Contact details, usage data
  Processing location: Czech Republic
  Privacy Policy

4. Product-Specific Infrastructure and Hosting

Ective provides multiple products and solutions that may use different technological infrastructures and hosting models, depending on the specific product and deployment type.

• Individual Ective products (including, but not limited to, EctiveXtract) may be hosted in isolated cloud environments operated by Microsoft Azure and other Microsoft services.

• These environments are logically and technically isolated, and customer data is not shared between customers or products.

• No unauthorized third-party data processors have access to customer data stored or processed in these environments.

• Unless explicitly stated otherwise in applicable agreements, Ective acts as a data processor when processing customer data on behalf of customers, who remain the data controller.

The exact infrastructure used is defined by the product architecture and the applicable contractual agreement.

5. Custom Deployments and Customer-Controlled Hosting

For custom deployments of Ective solutions:

• Customers may select the hosting provider and geographic location of the solution (e.g., Microsoft Azure, customer-selected cloud provider, or on-premises), where supported by the offered product.

• Hosting and data residency requirements are agreed during solution design and documented contractually.

• Ective processes personal data strictly in accordance with customer instructions and applicable data protection laws, acting as a data processor.

6. Customer-Hosted Solutions

For solutions hosted directly by the customer:

• The customer acts as the data controller and is responsible for the security, configuration, and compliance of the hosting environment.

• Ective acts as a data processor only to the extent defined in the applicable service agreement.

• Ective is not responsible for data protection compliance, security controls, or access management within customer-hosted environments beyond its contractual obligations.

7. Place of Processing

Personal data is processed at the Controller’s operating offices and in other locations where authorized processors are located.
Depending on the product and deployment model, data may be processed in:

• Microsoft Azure / Microsoft-operated cloud environments

• Customer-selected or customer-hosted infrastructure

Appropriate technical and organizational measures are implemented to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR.

8. Data Security

We implement industry-standard technical and organizational measures to protect personal data, including:

• Encryption in transit and at rest (where applicable)

• Access controls and least-privilege principles

• Regular security reviews

Despite best efforts, no system can be guaranteed to be 100% secure. Users should notify us immediately of any suspected data breach or unauthorized access.

9. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, including:

• Contract duration and post-contractual obligations

• Legal and regulatory requirements

• Legitimate business interests

Once retention periods expire, personal data is securely deleted or anonymized.

10. Rights of Data Subjects

Under GDPR, users have the right to:

• Access their personal data

• Rectify inaccurate data

• Erase data ("right to be forgotten")

• Restrict processing

• Object to processing

• Data portability

• Withdraw consent at any time

• Lodge a complaint with a supervisory authority

Requests may be submitted free of charge and will be addressed within one month.

11. Do Not Track Signals

This Application does not respond to “Do Not Track” signals. Users should review third-party privacy policies for their practices.

12. Privacy Policy Changes

We may update this Privacy Policy from time to time. Changes will be published on this page, and continued use of the Services constitutes acceptance of the updated policy.

13. Data Controller

ECTIVE s.r.o.
Karpatské námestie 10A
831 06 Bratislava – Rača
Slovakia
email: info@ective.eu

14. Language

This Privacy Policy was originally drafted in English. In case of discrepancies between translations, the English version shall prevail.

15. Contact

For any questions regarding this Privacy Policy or personal data processing, please contact: info@ective.eu