Since May 25, 2018, when the European Union's General Data Protection Regulation (GDPR) became enforceable, Softescu has maintained strict compliance with these data protection requirements. It's important to understand that in the context of GDPR, Softescu operates primarily as an IT service provider rather than a data processor, as we do not process personal data on behalf of our clients in our standard operations.

Understanding Data Handling in Our Services

Our web development services are structured to minimize contact with personal data. When our clients determine the purpose and means of collecting personal data through their applications, they maintain full control and responsibility as data controllers. Our role is to provide technical expertise while ensuring data privacy remains protected.

Our Approach to Data Protection

We implement several key principles in our development practices:

Data Isolation
We maintain a strict policy ensuring that personal information remains exclusively within our clients' infrastructure. This means we do not collect, transfer, or store personal data on Softescu's systems during normal development operations.

Special Cases Management
In situations where access to personal or identifiable data becomes necessary for development purposes, we establish specific contractual agreements. These agreements carefully outline:
- Conditions for accessing data
- Data storage requirements
- Data deletion protocols
- Clear liability boundaries for both parties

Security Framework and Certification

Softescu maintains ISO 27001 certification, demonstrating our commitment to information security. While ISO 27001 and GDPR have distinct requirements, our ISO certification reflects our comprehensive approach to data protection through:
- Established information security policies
- Regular security assessments
- Continuous improvement of privacy measures
- Staff training and awareness programs