Home
Services
Projects
Dedicated Team
Resources
Pricing
Get in Touch

HSoftKerr Privacy Policy

Last updated: September 20, 2025

Definitions

"Controller" means the organization that determines the purposes and means of processing Personal Data. The Controller is SoftKerr, SL (Societat Limitada), registered address: Av. de les Nacions Unides, 40, 6-1, Edifici A Tower, Escala A, AD700 Escaldes-Engordany, Principat d’Andorra.

"EU/EEA Representative" means the person designated under Article 27 GDPR to act on behalf of the Controller in the EU/EEA for data protection matters.

"Processor" means any third party that processes Personal Data on behalf of the Controller.

"Personal Data" means any information relating to an identified or identifiable natural person, such as name, email address, phone number, IP address, or other online identifier, as well as any other information that is linked or linkable to an identified or identifiable natural person.

General

At SoftKerr, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in connection with our website, services, products, and any related software, documentation, and other materials provided by us (collectively, the "Services"). We collect personal data from you when you submit a request for services through our website or email, and such collection is based on our legitimate interest in providing our services, improving our service, and customer relationship management (CRM).

Your use of the Services is subject to this Privacy Policy; however, where consent is required by law (e.g., for cookies/marketing in the EEA/UK), we will request it separately and not rely on implied/blanket consent. If you do not agree with any of the terms of this Privacy Policy, please do not use our Services.

Collection and Use of Personal Data

We may collect personal data from you in connection with your use of our Services. Personal data is information that identifies or relates to you as an individual. The types of personal data we may collect include:

  • Contact information, such as your name, email address, and phone number;
  • Usage information, such as your IP address, browser type, operating system, and pages visited on our website;
  • Communications, such as messages you send to us or information you provide when you participate in a survey or promotion; and
  • Other information you choose to provide to us.

We may also use your contact information to send you marketing materials about our products, services, and promotions. If you do not wish to receive these materials, you can unsubscribe at any time by clicking the "unsubscribe" link in the email or by contacting us.

Disclosure of Personal Data

We may disclose your personal data to the following types of third parties:

  • Service Providers / Processors: We may share your personal data with third-party service providers who help us operate our business, such as website hosts, marketing partners, analytics providers (e.g., Google Analytics 4, Microsoft Clarity, Crazy Egg), advertising/remarketing platforms (e.g., Google Ads), and customer relationship management tools (e.g., HubSpot). These service providers may use your personal data only as necessary to provide their services to us and are contractually obligated to protect your personal data, and are prohibited from using personal data for their own purposes. Where required by law, non-essential analytics and advertising technologies are activated only with your consent.
  • Affiliates / Intra-group recipients: We may share your personal data with our affiliates for the purposes described in this Privacy Policy, including with our affiliated company located in the United Arab Emirates (UAE) acting as an intra-group processor for internal hosting, support, and administrative purposes.
  • Business Partners: We may share your personal data with our business partners when we collaborate with them to provide you with certain products or services.
  • Professional Advisors: We may disclose personal data to our lawyers, auditors, accountants, and other professional advisors where necessary for the provision of their services and subject to confidentiality obligations.
  • Legal Requirements: We may disclose your personal data when we believe in good faith that such disclosure is necessary to comply with applicable laws, regulations, or legal processes, or to respond to a subpoena or court order.
  • Protect Our Rights and Interests: We may disclose your personal data when we believe in good faith that such disclosure is necessary to protect our rights or interests or the rights or interests of others.
  • Aggregated or De-identified Information: We may share aggregated or de-identified information that cannot reasonably be used to identify you.

We do not sell, rent, or lease your personal data to third parties. In particular, we do not “sell” personal information as that term may be defined under applicable U.S. state privacy laws, and we do not “share” personal information for cross-context behavioral advertising without providing applicable opt-out or consent mechanisms.

Third-Party Links

Our Services may contain links to third-party websites, products, and services that are not owned or controlled by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies and terms of use of any third-party sites that you access.

You further acknowledge and agree that SoftKerr shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such web sites or services.

Security

We take reasonable measures to protect your personal data from unauthorized access, use, or disclosure. This includes appropriate technical and organizational measures such as encryption in transit, access controls based on least privilege, network and application monitoring, vulnerability management, employee confidentiality and security training, and incident response procedures. However, no data transmission over the internet or electronic storage can be guaranteed to be completely secure. To the extent permitted by law, we cannot guarantee absolute security of your personal data.

Principles of Processing

We process Personal Data in accordance with the GDPR/UK GDPR and commit to the principles set out in Article 5. In particular, Personal Data we process will be:

  • Lawfulness, fairness & transparency. We process Personal Data on a valid legal basis (e.g., contract, legitimate interests, legal obligation, or consent) and provide clear, accessible notices about our processing activities. In the EEA/UK, non-essential analytics/advertising cookies are deployed only with your consent (no implied/blanket consent).
  • Purpose limitation. We collect Personal Data for specified, explicit, and legitimate purposes and do not further process it in a manner incompatible with those purposes. If we intend to use Personal Data for a new purpose, we will provide prior notice and identify the applicable legal basis.
  • Data minimisation. We limit Personal Data to what is adequate, relevant, and necessary in relation to the purposes (e.g., minimal form fields; pseudonymisation/aggregation where feasible).
  • Accuracy. We keep Personal Data accurate and, where necessary, up to date, and we provide mechanisms for you to request correction or update of your data.
  • Storage limitation. We retain Personal Data no longer than necessary for the purposes for which it is processed and then delete or irreversibly anonymise it.
  • Integrity & confidentiality (security). We process Personal Data using appropriate technical and organisational measures (e.g., encryption in transit, least-privilege access controls, logging/monitoring, vulnerability management, incident response) and require equivalent protections from our processors and partners.
  • Data protection by design and by default. We implement appropriate technical and organisational measures designed to ensure that, by default, only Personal Data necessary for each specific purpose is processed, and we continuously review controls in line with Article 25 GDPR.

‍Data Retention

Unless a longer retention period is required or permitted by law (e.g., tax, accounting, litigation hold), we retain personal data for the periods below and then delete or irreversibly anonymize it. Where consent is the legal basis, we delete the data after consent is withdrawn unless another legal ground applies.

Where We Store Personal Data

Service-specific storage information:

  • Google Analytics (GA4). Analytics data may be stored on Google servers located in the EU and the US. Transfers are safeguarded via Standard Contractual Clauses and/or reliance on Google’s participation in the EU-U.S. Data Privacy Framework (where applicable).
  • Microsoft Clarity. Session analytics data may be stored on Microsoft infrastructure in the EU and the US. International transfers are protected via Standard Contractual Clauses.
  • Google Ads (advertising/remarketing). Campaign, audience, and conversion data may be stored on Google servers in the EU and the US. International transfers are safeguarded via Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework (where applicable).

We use reputable cloud providers and subprocessors that may store and process personal data in the European Union, the United States, the United Arab Emirates (for intra-group processing), and other jurisdictions. When personal data is transferred internationally, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, rely on participation in the EU-U.S. Data Privacy Framework, together with supplementary measures consistent with regulatory guidance.

International Transfers

We are established in Andorra. For transfers of personal data from the European Economic Area (EEA) to Andorra, we rely on the European Commission’s adequacy decision recognizing Andorra as providing an adequate level of protection. We also engage processors and partners that may process personal data outside your jurisdiction (for example, in the European Union, the United States, and the United Arab Emirates). In such cases, we implement appropriate safeguards to ensure a level of protection essentially equivalent to that in the EEA/UK. These safeguards include:

  • Standard Contractual Clauses (SCCs). For EEA-origin data transferred to countries without an adequacy decision (e.g., the United States or the United Arab Emirates), we enter into the European Commission’s Standard Contractual Clauses (2021/914) with the relevant recipients, using the appropriate modules and ensuring onward transfer restrictions and audit rights.
  • UK Addendum / International Data Transfer Agreement (IDTA). For transfers originating from the United Kingdom, where no UK adequacy regulation applies, we use the UK Addendum to the EU SCCs or the UK IDTA, as applicable.
  • EU–U.S. Data Privacy Framework (DPF). Where a U.S. recipient (e.g., certain analytics, advertising, or CRM providers) participates in the EU–U.S. DPF, we may rely on that certification for EEA→U.S. transfers. If a recipient does not participate, we use SCCs (and the UK Addendum/IDTA where relevant).
  • Supplementary measures and Transfer Risk Assessments. We adopt technical, organizational, and contractual measures (e.g., access controls, encryption in transit, data minimization, purpose limitation, and transparency commitments) and conduct transfer risk assessments, where appropriate, in line with regulatory guidance.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update this Privacy Policy, we will revise the "Last updated" date at the top of this document. If we make significant changes to this Privacy Policy, we will provide notice through our Services or by other means.

General Data Protection Regulation (GDPR) and UK GDPRChildren's Online Privacy Protection Act (COPPA)

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal data from children under the age of 13. If you are under 13 years of age, do not use or provide any information on our Services or provide any personal data about yourself to us.

If we learn that we have collected personal data from a child under the age of 13 without verification of parental consent, we will delete that data. If you believe we might have any information from or about a child under 13, please contact us at the address provided below.

We encourage parents and legal guardians to monitor their children's internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal data on our Services without their permission.

‍Fair Information Practices The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect Personal Data.

In order to be in line with Fair Information Practices We will take the following responsive action, should a data breach occur: - We will notify the Users via Platform notification within 7 (seven) business days.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data Collectors and Processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and / or prosecute non-compliance by Data Processors.

Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us email

If you have any questions about this Privacy Policy, please contact us.