Carpentum Systems

Introduction

This Privacy Policy outlines how Carpentum Systems respect and protect each User's personal data or information processed within Carpentum Systems. We process personal data strictly according to the instructions provided by the Data Controller and for specific purposes as outlined in this Privacy Policy.

Definition

Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Personal Data: Any data that identifies or can be used to identify an individual, alone or in combination with other data/information, directly or indirectly, in electronic and/or non-electronic systems, which is divided into Specific/Sensitive Personal Data and General Personal Data.
User: Any individual or business entity that uses Carpentum Systems services.

Personal Data Processed by Carpentum Systems

We process personal data strictly under the instructions of the Data Controller and for the purposes defined by them. The types of data we process may include, but are not limited to:

Full name
Bank account number

Purpose of Personal Data Processing

We process personal data solely for the purposes that have been explicitly, lawfully, and clearly defined by the Data Controller, and strictly in accordance with their instructions. We do not process personal data for our own purposes and ensure that all data processing activities are conducted in compliance with this privacy policy and the applicable data processing agreements.

Disclosure of Personal User Data

We do not disclose personal data to third parties unless explicitly authorized by the Data Controller or where required by law. Any third-party processing, such as by sub-processors, will be governed by the same data protection obligations as those set forth in this Privacy Policy and the Data Processing Agreement.

Security of Personal Data

Carpentum ensures the security of personal data regarding its confidentiality, integrity and availability. We protect any User Data stored in its systems, as well as protect such data from unauthorized access, use, modification, loss, retrieval and/or disclosure by using the following security measures and procedures:

Use of multi factor authentication.
SSL, to ensure communication between User and Carpentum is well encrypted via HTTPS, thus protecting against data theft during data transfer on the website.
Encryption, we perform encryption on your sensitive data, such as emails, passwords, etc. This ensures that only authorized parties can see your data.
Storage, using Drata that always strives to improve the security of your personal data by using the latest technology and complying with applicable laws and regulations to meet the expectations of related parties, and to ensure continuous quality improvement.
Authorization with social media, We guarantee security that allows users to authorize from social media accounts.
Carpentum sets high standards for information security, we are in the process of ISO 27001:2022 certification so that an inspection is required by the Certification Body where the Auditor will review the data processed at Carpentum including personal data belonging to Users. We ensure that the Auditor appointed by the Certification Body has committed to maintaining the confidentiality of User data used as audit evidence.

Data Retention

We retain personal data only for the duration specified by the Data Controller or as required to fulfill our contractual obligations. Upon completion of the processing activities or at the Data Controller’s request, personal data will be securely deleted, returned, or anonymized, unless otherwise required by applicable law.

User Rights

As a processor, we do not respond directly to data subject requests. Data subjects should contact the Data Controller to exercise their rights under applicable data protection laws, such as the right to access, correct, or delete their personal data.

This cookie is used to store information, including visitor preferences and the pages on the website that are accessed or visited by visitors. This information is used to optimize the user experience by tailoring the content of our online registration website pages based on the type of browser the visitor is using and/or other relevant information.These cookies are not intended to be used for accessing other information/data that the User has on their computer, other than what the User has agreed to share.Although the User's computer will automatically accept cookies, the User can choose to modify this by adjusting the browser settings to reject cookies.

Data Breach Notification

In the event of a personal data breach, we will promptly notify the Data Controller in accordance with the terms of the Data Processing Agreement and assist the Data Controller in fulfilling any legal obligations related to breach notifications.

International Data Transfers

We ensure that personal data is processed in compliance with applicable international data transfer regulations. Transfers of personal data outside the Data Controller’s jurisdiction are conducted only with appropriate safeguards in place as mandated by law.

International Data Transfers

For further information relating to this Privacy Policy or Personal Data please contact privacy@psp.team.