Privacy Policy

1. Data controller

The controller responsible for processing your personal data is DSD Automation S.A., incorporated under Luxembourg law, headquartered in Luxembourg.

Data-protection contact: info@industream.com.

2. What data we collect

• Contact and form data — name, business email, company, country, and any message content you provide through demo-request or contact forms.
• Technical and log data — IP address, user agent, referrer, requested URL, and timestamps collected automatically by our servers for security and troubleshooting.
• Analytics and cookies — anonymized or pseudonymized usage statistics (page views, device class, approximate location) when you consent to analytics cookies.
• Customer data — if you are a customer, business contact details and contractual information required to provide the InduStream platform.

3. Purposes and legal bases

• Responding to enquiries, demos, sales — pre-contractual measures and our legitimate interest in operating a B2B platform (GDPR Art. 6(1)(b) and (f)).
• Contract performance — providing and supporting the InduStream service (Art. 6(1)(b)).
• Security, fraud prevention, integrity of the service — legitimate interest (Art. 6(1)(f)).
• Analytics and marketing cookies — only with your consent (Art. 6(1)(a) and Art. 5(3) of the ePrivacy Directive, as transposed in Luxembourg).
• Legal obligations — accounting, tax, and compliance duties (Art. 6(1)(c)).

4. Retention periods

We keep personal data only as long as necessary for the purposes described above:

• Contact-form submissions: up to 24 months after last interaction.
• Customer and contractual data: duration of the contract plus 10 years (Luxembourg commercial law).
• Server and security logs: up to 12 months.
• Analytics identifiers: up to 14 months, or until consent is withdrawn.

5. Recipients and processors

We share personal data only with vetted service providers acting as processors under GDPR Art. 28 — notably infrastructure providers (hosting, CDN, email), analytics vendors, and CRM tools. We never sell your data.

6. International data transfers

Some processors may be located outside the European Economic Area (for example in the United States). In those cases we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical measures to ensure an adequate level of protection consistent with GDPR Chapter V.

7. Your rights

Under the GDPR you have the right to:

• access your personal data (Art. 15);
• rectify inaccurate or incomplete data (Art. 16);
• request erasure (Art. 17);
• restrict processing (Art. 18);
• receive your data in a portable format (Art. 20);
• object to processing based on legitimate interest or direct marketing (Art. 21);
• withdraw consent at any time, without affecting prior lawful processing.

To exercise any of these rights, contact info@industream.com. You also have the right to lodge a complaint with the Commission nationale pour la protection des données (CNPD), the Luxembourg supervisory authority — www.cnpd.lu.

8. Cookies

Our cookie banner lets you accept or reject non-essential cookies. Detailed categories, names, and retention are described in our Cookie Policy.

9. Security

We apply appropriate technical and organisational measures — encryption in transit, access controls, and regular security reviews — to protect your data against unauthorized access, alteration, or loss.

10. Changes to this policy

We may update this policy to reflect legal, technical, or business developments. The “Last updated” date at the top of this page indicates the most recent revision.

11. Contact

Questions about this policy or about how we handle your data? Write to info@industream.com.