GDPR Compliance

Last updated: March 2025

Our Commitment

Eastgate Software JSC is committed to protecting the personal data of individuals in the European Union and European Economic Area in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page outlines our approach to GDPR compliance and your rights as a data subject.

Data Controller

For EU/EEA data subjects, Eastgate Software JSC acts as the data controller. Our EU point of contact is our Aachen, Germany office:

Eastgate Software
Friedrich-Wilhelm-Platz 9-10
Aachen 52062, Germany
[email protected]

Legal Bases for Processing

We process personal data only where we have a lawful basis to do so under Article 6 of the GDPR:

  • Legitimate interests - processing enquiries and maintaining records of business relationships
  • Contract performance - processing data necessary to deliver contracted engineering services
  • Consent - sending marketing communications where you have opted in
  • Legal obligation - retaining records as required by applicable law

Data We Collect from EU/EEA Residents

  • Name, email address, phone number, and company details (submitted via contact forms)
  • IP address and browsing behaviour (via Google Analytics - anonymised)
  • Communication records (emails, meeting notes related to service delivery)

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Contact enquiries: up to 24 months from last interaction
  • Client engagement records: duration of contract plus 5 years for legal compliance
  • Marketing opt-in data: until consent is withdrawn

International Data Transfers

As a company headquartered in Vietnam with operations in Germany and Japan, we may transfer personal data across borders. Where data is transferred from the EU/EEA to Vietnam or other countries without an EU adequacy decision, we use appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission.

Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights:

  • Right of access - obtain a copy of the personal data we hold about you
  • Right to rectification - request correction of inaccurate data
  • Right to erasure - request deletion of your data ("right to be forgotten")
  • Right to restriction - request that we limit processing of your data
  • Right to data portability - receive your data in a structured, machine-readable format
  • Right to object - object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent - withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. In Germany, this is the relevant State Data Protection Authority (Landesdatenschutzbehorde). You may also contact the lead EU supervisory authority in the member state of your habitual residence.

Security Certification

Eastgate Software is certified to ISO 27001:2013 (Information Security Management) and ISO 9001:2015 (Quality Management). Our security practices are independently audited to ensure ongoing compliance with these standards and applicable data protection requirements.