Privacy Overview | Permanent Systems

1. Purpose of This Document

This Privacy Overview describes how Permanent Systems approaches the processing and protection of personal data across its services, including but not limited to Sotilink and OnCast.

This document is intended to:

explain the general data protection principles applied by Permanent Systems;
clarify roles and responsibilities of all parties involved;
serve as an entry point to more specific legal documents, including the Privacy Policy, Data Processing Addendum (DPA), and product-specific terms.

This overview does not replace legally binding agreements and should be read together with related legal documents.

2. Roles and Responsibility Model

2.1 Permanent Systems

Depending on the context, Permanent Systems may act as:

Data Controller — when processing personal data related to:
- its own users and account holders;
- administrators of tenant accounts;
- billing, authentication, security, and compliance activities.
Data Processor — when processing personal data on behalf of tenants using Sotilink, OnCast, or other services operated by Permanent Systems.

Permanent Systems does not determine the purposes or legal grounds for processing end-customer data belonging to tenants.

2.2 Tenants (Customers of Sotilink / OnCast)

Each tenant acts as an independent Data Controller with respect to personal data of its own customers, users, or contacts.

Tenants are solely responsible for:

determining the purposes and legal bases for data processing;
providing required notices to data subjects;
obtaining consent where required by law;
responding to data subject requests;
complying with applicable data protection laws.

2.3 End Users and Data Subjects

End users and customers of tenants are considered data subjects.

Requests related to personal data processed by a tenant should be directed to the respective tenant. Permanent Systems does not have a direct relationship with such data subjects unless explicitly required by law.

3. Categories of Personal Data

Depending on usage of the services, the following categories of data may be processed:

Account and user data (e.g. name, email address, authentication credentials);
Tenant customer data (e.g. contact details, message content, files, transactional data);
Technical and operational data (e.g. logs, IP addresses, device information, security events).

Permanent Systems applies the principle of data minimization and processes only data necessary for providing its services.

4. General Data Processing Principles

Permanent Systems follows recognized data protection principles, including:

lawfulness, fairness, and transparency;
purpose limitation;
data minimization;
accuracy;
storage limitation;
integrity and confidentiality.

These principles are applied in accordance with the role performed (Controller or Processor).

5. Applicable Data Protection Laws

5.1 Primary Legal Frameworks

Permanent Systems primarily operates in accordance with:

the General Data Protection Regulation (GDPR) of the European Union;
the Law of Georgia on Personal Data Protection.

5.2 Additional Jurisdictions

Where applicable and to the extent required by law, Permanent Systems follows principles derived from:

UK GDPR;
Swiss Federal Act on Data Protection (FADP);
California Consumer Privacy Act (CCPA/CPRA).

This does not create additional obligations beyond those required by applicable law.

6. Cross-Border Data Transfers

Personal data may be processed or stored in different jurisdictions depending on the technical infrastructure used.

Where cross-border transfers occur, Permanent Systems applies appropriate safeguards, including contractual and organizational measures, in accordance with applicable legal requirements.

7. Security Measures

Permanent Systems implements reasonable technical and organizational measures designed to protect personal data, including but not limited to:

access controls and authentication mechanisms;
data segregation between tenants;
monitoring and incident response procedures.

No method of transmission or storage is guaranteed to be completely secure.

8. Rights of Data Subjects

Data subjects may have rights under applicable law, including the right to:

access, correct, or delete personal data;
restrict or object to processing;
request data portability.

Requests related to data controlled by Permanent Systems may be submitted directly to Permanent Systems.
Requests related to data controlled by a tenant must be addressed to the respective tenant.

This Privacy Overview should be read together with:

the Privacy Policy;
the Data Processing Addendum (DPA);
product-specific privacy extensions;
the Terms of Service.

10. Updates to This Document

Permanent Systems may update this document from time to time.
Changes become effective upon publication unless stated otherwise.

Continued use of the services after an update constitutes acceptance of the revised document.

11. Contact Information

Questions related to personal data protection may be directed to Permanent Systems using the contact details provided on the official website.

1. Purpose of This Document​

2. Roles and Responsibility Model​

2.1 Permanent Systems​

2.2 Tenants (Customers of Sotilink / OnCast)​

2.3 End Users and Data Subjects​

3. Categories of Personal Data​

4. General Data Processing Principles​

5. Applicable Data Protection Laws​

5.1 Primary Legal Frameworks​

5.2 Additional Jurisdictions​

6. Cross-Border Data Transfers​

7. Security Measures​

8. Rights of Data Subjects​

9. Related Legal Documents​

10. Updates to This Document​

11. Contact Information​