Privacy notice
This privacy notice explains how Limited Liability Company “Sigma Software LLC” (Registration number 31935930, Address: 18 Otakara Yarosha str, Kharkiv, 61045, Ukraine) collects, uses, and protects personal information you provide when using the website https://sigmasoftware.security/. This site offers compliance services related to standards and regulations such as ISO 27001, SOC2, GDPR, C5, NIS2, DORA, CRA etc. As Sigma Software is based in Ukraine, the personal data you provide will be collected and initially processed in Ukraine, which is outside the EU/EEA.
Sigma Software commits to protecting your privacy. Any identifiable information requested will be used only as described in this notice.
This notice applies when you use our services or visit our website. We may update it by posting changes here. Check periodically for updates. Effective from 03 November 2025.
1. INFORMATION WE COLLECT AND HOW WE DO IT
We collect:
- Name and job title.
- Work email.
- Company name.
- Other details requested during communication (e.g., phone number for follow-up).
We do not collect special categories of personal data (e.g., health, racial origin).
Data is collected directly from you via contact forms on the website or during communications (e.g., email, calls).
Cookies and Analytics: We use the Complianz GDPR plugin (available at https://wordpress.org/plugins/complianz-gdpr/) to manage cookie consent and ensure GDPR compliance. This plugin may collect data related to your cookie preferences and website interactions. We may use cookies for essential site functionality, such as session management. You can manage your cookie preferences through the plugin’s consent banner on our website. We do not use third-party analytics tools or non-essential cookies without your consent.
2. WHAT WE DO WITH THE INFORMATION WE GATHER
We use data for:
- Understanding your needs and providing services.
- Internal record-keeping for tax purposes or other legal obligations.
- Improving our offerings.
We may contact you for service-related purposes using provided details. We do not send promotional emails without your consent.
The provision of your personal data is voluntary and is neither a statutory nor contractual requirement. You are not obliged to provide your personal data to us. However, if you choose not to provide the requested information, we may not be able to respond to your inquiries or provide the services you have requested.
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
3. LEGAL GROUNDS FOR PROCESSING
For EEA data subjects:
- Consent.
- Legitimate interests (e.g., enhancing services).
- Contract fulfillment.
- Legal obligations.
4. RETENTION OF DATA
We retain data for ongoing legitimate needs or as required by law. Retention depends on purposes (e.g., service delivery) and may extend for disputes or regulatory requests.
5. SECURITY
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put suitable physical, electronic, and managerial controls in place to safeguard and secure the information we collect online. We keep technical and organizational security measures up to date to minimize risks associated with data loss, misuse, unauthorized access, unauthorized disclosure, and alteration.
6. PERSONAL INFORMATION SHARING
We do not share your data with third parties, subsidiaries, or partners. Data is used internally only. We may disclose data if required by law or to report illegal activities.
7. DATA TRANSFERS
Data may be transferred outside your country, including non-EU/EEA areas. We ensure processing aligns with this notice and laws like GDPR.
Where we transfer data to countries for which the European Commission has issued an adequacy decision, we rely on that decision as the basis for the transfer.
Where we transfer data to countries without an adequacy decision, we implement appropriate safeguards to protect your personal data, including:
- Standard Contractual Clauses approved by the European Commission; and/or
- Other legally recognized transfer mechanisms under Articles 46 and 49 of the GDPR.
You have the right to obtain information about the specific countries to which your data is transferred and to request a copy of the safeguards we have in place. Please contact us at privacy@sigma.software to exercise this right.
8. YOUR RIGHTS
If you are located in the EEA, you have the following rights regarding your personal data:
- Right of access: request confirmation of whether we process your personal data and, if so, access to that data along with information about the processing, including the purposes, categories of data, recipients, retention periods, your other rights, the source of the data (if not collected directly from you), and the existence of any automated decision-making.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your data in certain circumstances.
- Right to restriction of processing: request that we limit how we use your data.
- Right to data portability: where processing is based on your consent or a contract and carried out by automated means, you may receive your data in a structured, commonly used format or request transfer to another controller.
- Right to object: object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
- Right not to be subject to automated decision-making: you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
- Right to lodge a complaint: file a complaint with your local data protection supervisory authority if you believe your rights have been violated.
To exercise any of these rights, please contact us at privacy@sigma.software. We will respond to your request within the timeframes required by applicable law (typically within one month).
Please note that these rights are not absolute and may be limited by applicable law or our legitimate interests and legal obligations.
9. CHILDREN’S PRIVACY
Our services are not for children (under 13, or 16 in some EU countries). We do not knowingly collect children’s data. If you become aware of such collection, contact us so that the data can be deleted.
10. GENERAL INFORMATION
Contact privacy@sigma.software for questions, access requests, corrections, consent withdrawal, or restrictions. We respond within legal timelines. We do not sell or lease data.
