Legal

Privacy Policy

This policy explains what personal data we collect, why we collect it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR) and Latvian law.

Effective date: 15 May 2026

01Data Controller

The data controller for any personal data processed via this website is Codevia Systems SIA, registration number 40203745209, registered office at "Priedaine" - 1, Demenes pag., Augšdaugavas nov., LV-5442, Latvia ("we", "us", "our").

For any privacy-related question, contact us through the contact page. We’ll respond within 30 days as required by Article 12(3) GDPR.

02Data We Collect

We process the minimum personal data necessary, namely:

  • Contact form submissions— name, email, optional company name, the message you send, and the service you’re interested in.
  • Technical data — IP address, user agent, referrer and timestamps recorded by our hosting provider for security and anti-abuse purposes.
  • Cookies & similar technologies — see our Cookies Policy for the full breakdown.

We do not knowingly collect data from children under 16, and we never collect special-category personal data (health, biometric, political opinion, etc.) through this website.

03Purposes & Legal Bases

We process personal data on the following legal bases under Article 6 GDPR:

  • Article 6(1)(b) — pre-contractual and contractual measures for processing your enquiry, preparing a quote and delivering services.
  • Article 6(1)(f) — legitimate interestsfor website security, fraud prevention, and improving our content. The interests considered are operating a safe and reliable website; we’ve balanced these against your rights and freedoms.
  • Article 6(1)(c) — legal obligations for accounting, tax and corporate record-keeping.
  • Article 6(1)(a) — consent for non-essential cookies and any optional marketing communications.

04Retention Periods

  • Contact form submissions: kept for up to 24 months from last contact, then deleted or anonymised.
  • Contracts, invoices and accounting records: kept for at least 5 years (or longer if Latvian law requires it).
  • Server logs: kept for up to 90 days, then aggregated or deleted.

05Recipients & International Transfers

We share personal data only with vetted processors that help us operate the business — for example our hosting provider (currently Vercel Inc.), email and CRM platforms, and accounting partners — under GDPR-compliant data-processing agreements.

Where a processor is located outside the EEA, transfers are protected by EU Standard Contractual Clauses or an adequacy decision of the European Commission. We don’t sell your data, and we don’t use it for cross-context behavioural advertising.

06Your Rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase data when one of the GDPR grounds applies;
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the Latvian supervisory authority, Datu valsts inspekcija (DVI), at dvi.gov.lv.

To exercise any of these rights, please contact us via the contact page.

07Security

We apply technical and organisational measures appropriate to the risk — including TLS in transit, encrypted backups, access controls, principle-of-least-privilege for staff, and periodic review of third-party processors. No system is perfectly secure, but we work hard to keep yours close.

08Changes to This Policy

We may update this policy to reflect changes to our services or to applicable law. The effective date at the top of the page will always reflect the latest version. Significant changes will be highlighted on this page.