Privacy & GDPR
SaaS & On-Prem — integrated commerce infrastructure to accelerate enterprise growth
Privacy Policy & GDPR
Effective date: 4 November 2024
Last update: 4 November 2024
Operator: VOGO S.R.L., contact: privacy@vogo.me • dpo@vogo.me
1. Scope
This policy explains how VOGO S.R.L. collects, uses, shares, and protects personal data when you visit vogo.me, contact us, or use our services and products.
2. Data controller and DPO
VOGO S.R.L. acts as data controller for website and commercial operations. For certain services we may act as processor on behalf of clients, based on a Data Processing Agreement (DPA).
DPO / Privacy contact: dpo@vogo.me
3. Personal data we process
- Identification: name, company, role.
- Contact: email, phone, address, country.
- Commercial: project details, contracts, invoices, payment metadata.
- Usage: page views, event logs, device/browser data, IP, referrer.
- Support: messages, tickets, attachments, call notes.
- Recruitment (if applicable): CV, portfolio, interview notes.
4. Purposes and legal bases
| Purpose | Examples | Legal basis (GDPR) |
|---|---|---|
| Provide website and services | Account setup, deliverables, support | Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interest |
| Communications | Respond to inquiries, service notices | Art. 6(1)(b) contract; Art. 6(1)(f) |
| Analytics and improvement | Usage metrics, performance, UX | Art. 6(1)(a) consent; or Art. 6(1)(f) for strictly necessary analytics |
| Marketing | Newsletters, campaigns, events | Art. 6(1)(a) consent; Art. 6(1)(f) B2B where permitted |
| Security and fraud prevention | Access logs, audit, incident response | Art. 6(1)(f) legitimate interest |
| Legal and compliance | Tax, accounting, requests from authorities | Art. 6(1)(c) legal obligation |
5. Sources of data
- Directly from you via forms, email, chat, contracts.
- Automatically via cookies and similar technologies.
- From partners and publicly available sources where lawful.
6. Sharing and recipients
We share data with service providers under contracts that include confidentiality and data protection clauses.
| Recipient | Purpose | Examples |
|---|---|---|
| Cloud hosting | Infrastructure, storage, backups | EU data centers |
| Email & support | Transactional email, ticketing | EU/EEA providers |
| Analytics | Traffic and performance | Configured for EU data where available |
| Payments/accounting | Billing and compliance | Payment processors, accountants |
| Professional advisors | Legal, audit, compliance | External counsel, auditors |
7. International transfers
Where data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses (SCC), and assess local laws and vendor practices.
8. Retention
We keep data only as long as necessary for the stated purposes or as required by law. Typical ranges:
- Contracts and invoices: 5–10 years (statutory).
- Support tickets: 12–24 months.
- Analytics events: 13 months (EU default) or shorter if configured.
- Marketing contacts: until consent withdrawal or objection.
9. Security
We apply technical and organizational measures including encryption, access controls, logging, backups, and incident response. See also Security and Compliance.
10. Your GDPR rights
- Access to your data and a copy of it.
- Rectification of inaccurate or incomplete data.
- Erasure (“right to be forgotten”) where applicable.
- Restriction of processing in certain cases.
- Portability of data you provided to us.
- Objection to processing based on legitimate interest or for direct marketing.
- Withdraw consent at any time, where processing is based on consent.
To exercise your rights, contact privacy@vogo.me or dpo@vogo.me. We will respond within the deadlines set by GDPR.
11. Children’s data
Our services are intended for business users. We do not knowingly collect data from children under applicable age thresholds.
12. Automated decision-making
We do not use automated decisions producing legal or similarly significant effects without human involvement.
13. Cookies
See the dedicated Cookie Policy for details on categories, consents, and controls.
14. Changes to this policy
We may update this policy to reflect legal or operational changes. The “Last update” date will change accordingly. Continued use of our services after changes means you accept the updated policy.
15. Contact & complaints
Questions or requests: privacy@vogo.me • dpo@vogo.me.
You may lodge a complaint with your local Supervisory Authority. In Romania: ANSPDCP, dataprotection.ro.