SecondDesk

SecondDesk ("We", "Us", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your data (in compliance with GDPR and applicable laws) when you visit our website or use our services.

1. Scope & Introduction

This policy applies where SecondDesk acts as a data controller. For data processed by our clients while providing support to their end-users, SecondDesk acts solely as a "data processor" and processes such end-user data strictly according to client instructions.

2. Information We Collect

We collect various types of personal data to provide our platform efficiently:

Account & Contact Data: Name, surname, and email address provided during registration.
Usage & Log Data: IP address, device information, browser type, and your interactions within the system (analytics and audit logs).
Communication Content: Tickets, messages, and files you create or attach while interacting with support.
Payment Information: Billing details are collected for subscriptions; however, raw credit card data is strictly processed and stored by our global partner (Stripe).

3. How We Use Information

We use the collected personal data for the following essential purposes:

To provide, operate, and maintain our services.
To respond to customer support requests and troubleshoot account issues.
To ensure account security and prevent unauthorized or fraudulent activities.
To comply with legal obligations (e.g., invoicing, tax regulations).
To send email communications regarding platform updates and new features, provided you have explicitly opted in.

4. Legal Bases (GDPR compliance)

Under the General Data Protection Regulation (GDPR) and similar laws, we process your personal data based on the following legal grounds:

Performance of Contract: To fulfill the SecondDesk Terms of Service.
Legitimate Interest: To ensure system security and improve our services.
Legal Obligation: To comply with tax laws and local law enforcement regulations.
Consent: For promotional emails or optional analytics cookies (which you can withdraw at any time).

5. Sharing & Disclosure

SecondDesk NEVER SELLS YOUR PERSONAL DATA. Your data is only shared with trusted, highly secure partners ("data processors") necessary to provide the service:

Cloud Infrastructure Global providers like AWS / DigitalOcean (Data is hosted on secure servers).

Payment Gateway Stripe (For credit card validation and subscription tracking).

Communication & Email SMTP Services (For delivering ticket notifications and password resets).

6. Cookies

Our website uses cookies to ensure the platform functions correctly, to manage user sessions, and to analyze service performance. You can manage or delete cookies via your browser settings at any time; however, disabling them may affect certain functionalities of the service.

7. Data Security & Retention

All your data is protected using AES-256 encryption and industry-standard TLS/SSL protocols (in transit). User passwords are irreversibly stored (hashed) using the Argon2id algorithm.

Your personal data is retained on our systems as long as your account is active. If you close your account, all operational data is permanently and securely deleted within 30 days, except for financial records (e.g., invoices) which must be retained legally.

8. Your Privacy Rights

Our users have full control over their own data. Under GDPR, you have the right to:

Request a copy of your personal data (Right of Access).
Request correction of inaccurate or incomplete information (Right to Rectification).
Request the permanent deletion of your data from the system (Right to Erasure / Right to be Forgotten).
Object to data processing based on profiling or for direct marketing.

9. Contact Information

If you have questions about our privacy policy, data processing practices, or wish to exercise your rights, please contact our official Data Protection Officer at:

admin@secondmedia.co.uk