Legal

GDPR Compliance

Commitment to Data Protection

Orvexis IV is fully compliant with the General Data Protection Regulation (GDPR) of the European Union. We take the security and confidentiality of your data seriously and implement all necessary technical and organizational measures for their protection.

Last updated: March 1, 2025

1. Legal Basis

Orvexis IV ('WE', 'OPERATOR') processes personal data in accordance with Regulation (EU) 2016/679 (GDPR). Our activity as a personal data administrator is registered in accordance with Bulgarian legislation.

Data processing is carried out on the basis of:

  • Art. 6(1)(a) of GDPR – performance of a contract with the client
  • Art. 6(1)(b) of GDPR – compliance with legal obligations
  • Art. 6(1)(f) of GDPR – legitimate interest for administering customer relationships

2. Categories of Data We Process

As a provider of AI agents and web services, we process the following categories of data:

  • Identification data: names, email, phone of clients
  • Business data: company information, services, contracts
  • Technical data: IP addresses, chat session logs (only with consent)
  • Communication data: records from AI agent chats (anonymized for service improvement)

3. Processing Principles

We comply with the fundamental principles of GDPR:

  • Lawfulness, fairness and transparency – all processing is documented and accessible
  • Purpose limitation – data is collected only for specific, explicitly defined purposes
  • Data minimization – we collect only data that is absolutely necessary
  • Accuracy – we keep data up-to-date and accurate
  • Storage limitation – data is kept only as long as necessary
  • Integrity and confidentiality – we implement modern security measures

4. Technical Security Measures

Orvexis IV implements the following technical measures for data protection:

  • Data encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular backups of critical data
  • Role-based access control (RBAC)
  • System monitoring for incident detection
  • Pseudonymization of chat session data

5. Data Subject Rights

Any natural person whose data is processed has the following rights:

  • Right of access (Art. 15 of GDPR)
  • Right to rectification (Art. 16 of GDPR)
  • Right to erasure ('right to be forgotten', Art. 17 of GDPR)
  • Right to restriction of processing (Art. 18 of GDPR)
  • Right to data portability (Art. 20 of GDPR)
  • Right to object (Art. 21 of GDPR)

6. AI Agent Specifics

For our AI customer service agents:

  • Chat sessions are recorded only with explicit user consent
  • Chat data is anonymized within 30 days
  • AI models are trained only on aggregated, anonymized data
  • Clients can request complete deletion of all chat histories
  • We do not perform automated decision-making with legal consequences

7. Cookies and Tracking

Websites built by Orvexis IV use a minimal number of cookies:

  • Necessary cookies – for website functionality (do not require consent)
  • Analytical cookies – only with consent (Google Analytics with anonymization)
  • Functionality cookies – remembering language preferences

8. Storage Periods

Data is stored for the following periods:

  • Contract data: 5 years after contract termination (Commercial Code)
  • Chat histories: 30 days, after which they are anonymized
  • Analytical data: up to 14 months (aggregated)
  • Backup copies: up to 90 days

9. Contacts and Supervision

For questions regarding data protection and exercising rights:

  • Email: contact.orvexisiv@gmail.com
  • Address: Sofia, Bulgaria
  • Supervisory authority: Commission for Personal Data Protection (CPDP) – www.cpdp.bg

Compliance Declaration

Orvexis IV declares that its activity is fully compliant with GDPR requirements. We regularly review and update our data protection policies to ensure continuous compliance with regulations.

Last audit: February 2025