Legal
Last updated: May 2025 · GDPR Compliant
The controller responsible for the processing of your personal data under the General Data Protection Regulation (GDPR) is:
Pluco Groups SP.ZOo — Desivo Consulting Group
Ksawerow 3, 02-656 Warsaw, Poland
Email: support@desivo.de
Phone: +48 795 010 135
We collect and process the following categories of personal data:
We process your personal data for the following purposes, each with a corresponding legal basis under GDPR Article 6:
Provision of services (Art. 6(1)(b) — Contract): To register your account, provide access to the client portal, and deliver the consulting services you have engaged us for.
Communication (Art. 6(1)(b) — Contract / Art. 6(1)(f) — Legitimate Interest): To respond to contact form submissions, send project updates, invoices, and service-related notifications.
Legal compliance (Art. 6(1)(c) — Legal Obligation): To maintain invoicing and accounting records as required by Polish and EU law.
Security (Art. 6(1)(f) — Legitimate Interest): To authenticate users, protect the client portal from unauthorized access, and detect fraud.
Email verification (Art. 6(1)(b) — Contract): To verify ownership of the email address provided during registration before granting portal access.
We retain personal data only for as long as necessary for the purposes for which it was collected:
— Account and client data: retained for the duration of the client relationship and for 3 years thereafter, in accordance with our contractual obligations and legitimate interests.
— Invoice and financial records: retained for 5 years as required by Polish accounting law.
— Contact form submissions: retained for 12 months, or for as long as necessary to respond to your inquiry.
— Session cookies: expire after 14 days or upon logout.
We use the following third-party services that may process personal data on our behalf:
Google Firebase (Google LLC) — Authentication and Firestore database. Data may be stored in the EU or US. Google processes data under Standard Contractual Clauses.
Zoho Mail / SMTP Provider — For sending transactional emails such as verification codes and welcome messages.
Vercel Inc. — Hosting of the Desivo website and client portal. Data is processed in accordance with Vercel's data processing agreement.
We do not sell or rent personal data to third parties. We do not use personal data for advertising profiling.
We use only strictly necessary cookies required for the operation of the website and client portal:
— __session: An httpOnly session cookie used to authenticate logged-in clients. This cookie is essential and cannot be disabled while using the portal. It expires after 14 days.
We do not use advertising cookies, analytics cookies from third-party providers, or social media tracking cookies. You can clear cookies at any time through your browser settings.
As a data subject under the GDPR, you have the following rights:
To exercise any of these rights, contact us at support@desivo.de. We will respond within 30 days. You also have the right to lodge a complaint with the Polish supervisory authority (UODO): uodo.gov.pl.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encrypted transmission (HTTPS/TLS), httpOnly session cookies, password hashing, and access controls on our Firestore database. Despite these measures, no system can guarantee absolute security. You use the portal at your own risk and should use a strong, unique password.
We may update this Privacy Policy from time to time. Where changes are material, we will notify registered clients by email. The current version is always available at desivo.de/privacy.