BASTION INFRA

Privacy Policy

Last Updated: March 2026

1. Introduction and Scope

This Privacy Policy outlines the framework under which IS Control ('the Company,' 'we,' 'our,' or 'us') handles data related to our digital interfaces. We are committed to maintaining the highest standards of data privacy, integrity, and operational transparency in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Identity of the Data Controller

For the purposes of any data processed through our primary website infrastructure, IS Control acts as the Data Controller. Detailed corporate identification and communication channels can be found on our dedicated Contacts page.

3. Categories of Data Processed

Our data collection is strictly minimized. We process the following categories of information:

  • Directly Provided Information: Information voluntarily provided when you contact us directly via email. We do not store this information in any database.
  • Automated Telemetry & Infrastructure Data: IP addresses, browser types, and timestamp metadata automatically logged by our web servers to ensure network security and prevent automated abuse.

4. Legal Basis and Purposes of Processing

We process data under the following legal frameworks defined in GDPR Article 6:

  • Explicit Consent (Art. 6(1)(a)): To respond to your direct email inquiries regarding our upcoming tax-technology platform.
  • Legitimate Interests (Art. 6(1)(f)): To monitor the technical performance of our web application, ensure operational stability, and protect against cybersecurity threats.

5. Data Architecture and Sub-Processors

Your data is not monetized, sold, or distributed to unauthorized third parties. We do not store personal information from direct email inquiries in any database. To provide our website, we utilize enterprise-grade infrastructure. All data in transit is secured using industry-standard cryptographic protocols (TLS/SSL).

6. Data Retention Life-Cycle

We apply strict data minimization principles. Personal data collected via direct email communication is retained only as long as necessary to respond to your inquiry and is not stored in a database. Automated infrastructure logs are purged systematically.

7. Data Subject Rights

Under the GDPR, you retain absolute control over your personal data. You are guaranteed the following rights:

  • Right of Access & Portability: To request a copy of the personal data we hold about you.
  • Right to Rectification: To correct any inaccurate or incomplete data.
  • Right to Erasure ('Right to be Forgotten'): To request the immediate deletion of your data from our active systems.
  • Right to Withdraw Consent: You may revoke your consent for communication at any time by contacting us directly.

To exercise any of these rights, please route your request through the official channels listed on our Contacts page.