Privacy Policy

Introduction

Senveco ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our audit confirmation platform.

Data We Collect

We collect the following types of personal data:

• Identity data: name, email address, phone number
• Professional data: organization name, role, audit engagement details
• Authentication data: one-time login code records, login attempts, and session records
• Audit workflow data: confirmation requests, responses, comments, uploaded attachments, exports, and related audit evidence
• Operational records: audit logs, email delivery records, reminder records, IP address, browser type, and user agent data
• Strictly necessary cookies and browser storage for session and language preference purposes

Purpose of Processing

We process your data for the following purposes:

• To provide and maintain the audit confirmation service
• To authenticate users and ensure security
• To comply with legal and regulatory requirements applicable to audit confirmation workflows
• To communicate important service updates

Legal Basis for Processing

We process personal data based on the purpose involved, including performance of a contract to provide the service, legal obligations connected with audit work, and legitimate interests for security, logging, abuse prevention, and service integrity. The login checkbox is an acknowledgement of the Privacy Policy and Terms of Service. It is not treated as consent for all processing.

Data Retention

Audit engagement data, confirmations, responses, attachments, exports, and audit logs may be retained where needed for audit evidence, legal obligations, dispute handling, and service integrity. Operational authentication records such as one-time login code records and session records include expiry or revocation information and are retained according to operational security needs. Email and reminder operational records may be cleaned up when they are no longer needed for delivery and troubleshooting. Backup copies, where they exist, may persist until the relevant backup cycle expires.

Cookies and Browser Storage

We use strictly necessary cookies and browser storage to keep you signed in, protect the session, and remember your language preference. We do not claim to use analytics or tracking cookies in this policy.

Your Rights (GDPR)

Under GDPR, you may have the following rights, subject to applicable legal and audit-record retention requirements:

• Right to access - obtain a copy of your personal data
• Right to rectification - correct inaccurate data
• Right to erasure - request deletion of your data (subject to legal retention requirements)
• Right to restriction - request limited processing in applicable cases
• Right to data portability - receive your data in a structured format
• Right to object - object to processing based on legitimate interests

Rights Requests

Rights requests are handled manually through the contact path below. We do not currently provide an automated privacy request portal, automated export workflow, or automated deletion workflow. Where audit evidence or legal-retention requirements apply, we may need to retain some data and explain the reason.

Language

This legal content is maintained in English and Serbian. If another interface language is selected, the English legal content is shown as the fallback.

Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), access controls, audit logging, and regular security review of the platform.

Contact Us

For privacy-related inquiries or to exercise your rights, please contact us at:

• Email: [email protected]