Privacy Policy
Graf Clouds ("we", "us") respects your privacy. This policy explains what personal data we collect when you visit grafclouds.com or work with us, why we collect it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
1.Data Controller
The data controller for personal data processed through this website is Graf Clouds. You can reach us for any privacy matter at [email protected].
2.What We Collect
- Website usage data. Standard server logs: IP address, browser type, requested pages, timestamps. Used for security and operating the site.
- Contact data. Name, email address, company and message content you provide when contacting us or requesting a proposal.
- Business relationship data. Contact and billing details, contracts and correspondence for clients, partners and suppliers.
- Recruitment data. CVs and application details you submit for open positions.
We do not knowingly collect data from children, and we do not use the website to profile visitors.
3.Why We Process It
- to respond to enquiries and provide our services (performance of a contract, or steps prior to entering one);
- to operate, secure and improve our website (legitimate interest);
- to meet accounting, tax and other legal obligations (legal obligation);
- to evaluate job applications (steps prior to entering an employment contract).
We do not sell personal data, and we do not use it for automated decision-making that produces legal effects.
4.Sharing
We share personal data only where necessary: with service providers acting on our instructions (such as hosting and email providers), with professional advisers, and with authorities where the law requires it. Our website is delivered through Cloudflare's content delivery network, which processes visitor IP addresses to provide security and performance. Web fonts are loaded from Google Fonts. The homepage hero background video loads from YouTube (muted); in that case Google receives standard request data such as your IP address. Where data is transferred outside the EU/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
5.Retention
We keep personal data only as long as needed for the purposes above: enquiry correspondence for up to two years, contractual and billing records for the statutory retention periods that apply to them, and recruitment data for up to six months after a hiring decision unless you consent to a longer period. Server logs are rotated on a short cycle.
6.Security
As a company whose business is securing infrastructure, we apply the same discipline to our own: encryption in transit, least-privilege access, hardened systems and monitored infrastructure. Graf Clouds operates an information security management system aligned with ISO/IEC 27001. No internet transmission is completely secure, but we work to protect your data against unauthorized access, alteration and loss.
7.Your Rights
Subject to the conditions set by the GDPR, you have the right to:
- access the personal data we hold about you and receive a copy;
- have inaccurate or incomplete data corrected;
- have your data erased where there is no longer a lawful basis to keep it;
- restrict or object to processing based on our legitimate interests;
- receive data you provided in a portable format;
- lodge a complaint with your local supervisory authority (in Bulgaria, the Commission for Personal Data Protection).
To exercise any of these rights, email [email protected]. We respond within one month.
8.Cookies
This website uses only a minimal set of cookies. Details are in our Cookie Policy.
9.Changes to This Policy
We may update this policy from time to time. The current version, with its "last updated" date, is always available on this page.