This statement describes the contractual data processing between you — the controller — and BOOKAREST DIGITAL SRL as processor under Article 28 of the General Data Protection Regulation (GDPR). It supplements the individual Data Processing Agreement signed with each customer before processing begins.
BOOKAREST DIGITAL SRL
Cosmopolis, Ilfov, Romania
VAT ID RO49617735 · Trade Register J25/105/2024 (Oficiul Registrului Comerțului Mehedinți)
Role: platform operations (kernel service, configuration orchestration), Matrix transport (tuwunel server for room state and timelines), and the persistence layer (SQLite indices and Redis cache).
Identity data: email addresses, display names.
Membership data: workspace membership, role assignments, join and leave timestamps.
Case data: messages and attachments inside a case workspace.
All processing takes place exclusively within the European Union. Production infrastructure runs on Hetzner Online GmbH (Frankfurt am Main, Germany); there is no transfer to third countries.
Data is retained for the duration of the active case workspace. After closure of a case, the associated records are archived in accordance with applicable retention periods (GoBD: typically ten years for accounting-relevant documents, six years for other commercial records).
Processing is encrypted in transit (TLS) and at rest. Access is restricted to authenticated members of a workspace; platform administrators have no read access to case content. The full TOM under Art. 32 GDPR are agreed in the individual DPA.
Send data-processing enquiries to [email protected] or via the contact form.
← Back to home