This Privacy & Data Deletion Policy describes how v2.piirz.com (“we”, “our”, “us”) processes personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and other applicable data protection laws.

1. Data Controller
   PiirZ EMEA LTD
   Registered Office: [Insert full registered address in Malta]
   Email: privacy@piirz.com
   For all purposes under GDPR Articles 4(7) and 24, PiirZ EMEA LTD is the Data Controller for processing activities on v2.piirz.com.

2. Categories of Personal Data Collected (GDPR Article 14)
   We collect only the data necessary for the provision, security, and improvement of our services:

• Identification Data: name, email address, company name, role/title
• Authentication Data: account credentials, tokens, access logs
• Technical Data: IP address, device identifiers, browser type/version, operating system
• Usage Data: service interaction logs, preferences, settings
• Communication Data: enquiries, support tickets, chat or email correspondence
• Legal Basis for Processing (GDPR Article 6)

 

Processing is conducted on one or more lawful bases:

• Article 6(1)(b): performance of a contract or pre-contractual steps
• Article 6(1)(c): compliance with legal obligations
• Article 6(1)(f): legitimate interests in ensuring security, fraud prevention, and service improvement
• Article 6(1)(a): consent, where expressly provided
• Purposes of Processing (GDPR Articles 5 and 6)

Personal data is processed exclusively for:

• User registration, authentication, and service access
• Service operation, monitoring, and optimisation
• Troubleshooting, incident management, and fraud prevention
• Compliance with statutory and regulatory obligations
• Development and enhancement of functionalities

5. Data Retention (GDPR Articles 5(1)(e) and 25)
   We retain personal data only for the period necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. Upon expiry, data is securely deleted or anonymised. Backup data is overwritten within the defined retention cycle and is not used for operational purposes.

6. Data Security (GDPR Articles 5(1)(f) and 32)
   Appropriate technical and organisational measures are implemented, including:

• Encryption of data in transit and at rest

• Role-based access controls and authentication

• Regular security audits and vulnerability assessments

• Incident detection and response procedures

7. Data Sharing and Transfers (GDPR Articles 13(1)(e), 28, 44–50)
   Personal data is not sold. It may be shared with:

• Data processors acting under written agreements compliant with GDPR Article 28

• Competent authorities where required by law (GDPR Article 6(1)(c))

• Other entities within our corporate group, under equivalent safeguards
  Where transfers occur outside the EEA, safeguards such as Standard Contractual Clauses (GDPR Articles 46 and 47) are applied.

8. Data Subject Rights (GDPR Articles 12–23)
   You have the right to:

• Access your data (Article 15)

• Rectify inaccuracies (Article 16)

• Request erasure (“right to be forgotten”) (Article 17)

• Restrict processing (Article 18)

• Data portability (Article 20)

• Object to processing (Article 21)

• Withdraw consent at any time (Article 7(3)) without affecting prior lawful processing

Requests should be sent to privacy@piirz.com. We will respond within one month of receipt, extendable by two months in complex cases (Article 12(3)).

9. Data Deletion Procedure (GDPR Article 17)
   Upon a verified erasure request:

• Data is removed from active systems without undue delay

• Backups are purged within their standard retention cycle

• Written confirmation is provided to the requester
  Requests may be refused only where processing is required by law or for legal claims, in accordance with Article 17(3).

10. Automated Decision-Making (GDPR Article 22)
    We do not engage in automated decision-making producing legal or similarly significant effects without human intervention.

11. Changes to This Policy (GDPR Articles 12 and 13)
    This policy may be updated to reflect operational, technical, or legal changes. The latest version will always be available at v2.piirz.com, with the effective date clearly indicated.

Effective Date: 23/10/2025