Infracos.ioBack to site
Legal Document

Data Protection Policy

Last Updated: June 4, 2026

Infracos.io is committed to protecting and respecting your privacy in compliance with applicable data protection laws. This Data Protection Policy outlines our approach to collecting, using, and protecting personal data.

1. Data Controller

Infracos.io acts as the data controller for personal information collected through our website and consulting engagements. Our data protection contact is privacy@infracos.io.

2. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract Performance: Processing necessary to deliver our consulting services.
  • Legitimate Interests: Processing for business operations, security, and service improvement.
  • Consent: Where you have provided explicit consent, such as for marketing communications.
  • Legal Obligation: Where processing is required by applicable law.

3. Categories of Personal Data

We process the following categories of personal data:

  • Identity data (name, job title)
  • Contact data (email, phone, company address)
  • Business information (revenue, team size, operational challenges)
  • Technical data (IP address, browser data, usage analytics)
  • Communication data (correspondence and inquiry records)

4. Data Minimization

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

5. International Data Transfers

If we transfer personal data outside your jurisdiction, we ensure appropriate safeguards are in place, including standard contractual clauses or other approved transfer mechanisms.

6. Data Subject Rights

Under applicable data protection law, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate personal data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing.
  • Portability: Receive your data in a structured, commonly used format.
  • Object: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent.

7. Data Security Measures

We implement the following security measures:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

9. Data Retention Schedule

  • Client engagement records: 7 years from engagement completion
  • Marketing contact data: Until consent withdrawal or 3 years of inactivity
  • Website analytics data: 26 months
  • Financial records: As required by applicable law

10. Complaints

If you believe we have not handled your personal data in accordance with this policy, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first at privacy@infracos.io to resolve the matter directly.

© 2026 Infracos.io. All rights reserved.

Return to infracos.io →