Privacy & Cookie Policy
Service Provider: BackOfficeOps.EU
1. Executive Summary
Our Role: We act as a service provider performing data processing strictly on documented instructions from our clients.
What We Do: Receive unstructured data from clients → Process according to their instructions → Return structured result → Delete all data.
Key Principle: We never use client data for our own purposes. Data exists on our systems only for the duration of the specific project.
2. Detailed Processing Workflow
2.1. Step-by-Step Process
- Data Receipt: Client sends data via encrypted email or provides access to specific cloud storage.
- Secure Transfer: Data is transferred to our secure servers in Slovenia.
- Processing: Data is processed using OpenOffice Calc, Google Sheets, or Microsoft Excel, according to client's detailed instructions (Statement of Work). Scripts/macros may be used for automation.
- Quality Check: Processed data is verified against requirements.
- Delivery: Final results returned via secure method specified by client.
- Deletion: All original data, intermediate files, and results are permanently deleted from our systems.
2.2. Types of Data We May Process
We process only data necessary for the specific project:
| Data Type | Examples | Processing Purpose |
|---|---|---|
| Contact/Customer Data | Names, emails, phone numbers, addresses | Cleaning lists, deduplication, formatting |
| Product/Service Data | Product names, prices, SKUs, descriptions | Catalog organization, price list updates |
| Transactional Data | Order numbers, dates, amounts | Report creation, data visualization |
| Document Data | Information from PDFs, scans, forms | Digitization, data extraction, organization |
3. Security & Infrastructure
- Location: Data processing is carried out on dedicated servers with a Slovenian hosting provider
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Control: Multi-factor authentication, role-based access, and unique user accounts ensure controlled access
- Network Security: Firewalls, intrusion detection, and regular system updates maintain network protection
- Physical Security: Data center operates with 24/7 monitoring and restricted access
4. Contractual Framework: Data Processing Agreement (DPA)
Before any data processing begins, we enter into a Data Processing Agreement (DPA) that specifies:
| DPA Section | What It Covers |
|---|---|
| Scope & Instructions | Exactly what data, for what purpose, according to which instructions |
| Technical Measures | Specific security measures we implement |
| Sub-processors | Approved list of supporting services (e.g., hosting provider) |
| Data Subject Rights | How we assist client in fulfilling rights requests |
| Breach Notification | Our obligation to notify within 72 hours of discovering a breach |
| Deletion/Return | Obligation to delete all data after project completion |
5. Data Deletion Protocol
5.1. Deletion Process
- Immediate Post-Project: Data deleted from active processing servers (within 24 hours of project completion)
- Backup Rotation: Data removed from backups during next rotation cycle (within 7 days)
- Verification: Automated verification of deletion completeness
- Documentation: Certificate of Deletion generated
5.2. Deletion Certificate
What We Provide: Upon request, we issue a Certificate of Data Deletion confirming:
- Project reference and date range
- Types of data processed
- Deletion dates from all systems
- Methods used for secure deletion
- Authorized signatory from our company
6. Logging & Monitoring
We maintain security logs for access control and compliance:
| Log Type | What's Recorded | Retention Period | Purpose |
|---|---|---|---|
| Access Logs | Who accessed which data, when, from where | 6 months | Security monitoring, incident investigation |
| Processing Logs | What operations were performed on data | 30 days after project completion | Quality control, process verification |
| System Logs | Server activity, security events | 12 months | Infrastructure monitoring, threat detection |
Important: These logs contain metadata only (who, when, what action), not the actual personal data content.
7. Cookie Policy for Our Website
7.1. Essential Cookies
| Cookie Name | Purpose | Duration | Mandatory |
|---|---|---|---|
| session_id | Maintain your session during form submission | Session | Yes |
| cookie_consent | Remember your cookie preferences | 1 year | Yes |
| security_token | Protect against form submission attacks | Session | Yes |
7.2. Optional Cookies (Require Consent)
We use essential cookies necessary for the basic functioning of the website. We currently do not use any optional cookies. If we implement analytics in the future:
- Will use privacy-focused solutions (e.g., Matomo self-hosted)
- Will anonymize IP addresses
- Will not share data with third parties
- Will require explicit opt-in consent
7.3. Cookie Management
- Initial Choice: Clear cookie banner on first visit
- Change Settings: "Cookie Settings" link in website footer
- Browser Controls: You can block/delete cookies via browser settings
8. Your Rights & Contact
8.1. For Website Visitors
If you contact us through our website, you may exercise rights related to access, correction, deletion or restriction of your personal data, subject to applicable data protection laws. Contact: info@backofficeops.eu
8.2. For Our Clients' Data Subjects
If you are a customer or employee of our client and your personal data was processed by us:
- Contact the company that engaged our services (your data controller)
- They will instruct us on how to assist with your request
- We respond to their instructions within 48 hours
8.3. Supervisory Authority
Information Commissioner of Slovenia
Dunajska cesta 22, 1000 Ljubljana
Email: gp.ip@ip-rs.si | Web: ip-rs.si
9. Policy Updates
We will notify active clients of material changes 14 days in advance. Website visitors will see the updated "Effective Date" at the top of this page.
10. Contact Information
Data Protection Contact: privacy@backofficeops.eu
Legal Address: [Address of Альнаир д.о.о., Slovenia]
Response Time: Within 48 hours for urgent matters, 5 business days for formal requests
This document is specifically tailored for BackOfficeOps.EU's data processing services. It reflects our commitment to secure, temporary processing with controlled retention and documented deletion practices.