Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. What Data We Collect

We collect personal data only when you actively provide it through the contact form on this website. The data collected is:

• Full name — to address you by name in our response
• Email address — to reply to your enquiry
• Message content — the details of your enquiry

We do not collect any other personal data. We do not use analytics tools, tracking pixels, advertising cookies, or any third-party tracking services on this website.

3. How We Use Your Data

Your data is used solely to:

• Respond to your enquiry via email
• Follow up on a potential business engagement if relevant

We will never use your data for marketing purposes, sell it to third parties, or share it with anyone outside of HiCode without your explicit consent.

4. Legal Basis for Processing

We process your personal data on the basis of:

• Legitimate interests (Article 6(1)(f) GDPR) — responding to a business enquiry you have initiated constitutes a legitimate interest for both parties.
• Pre-contractual steps (Article 6(1)(b) GDPR) — where the enquiry leads to a discussion about entering into a contract.

5. Data Retention

We retain enquiry data (name, email, message) for a maximum of 12 months from the date of receipt, unless a contractual relationship is established — in which case data is retained for the duration required by applicable law (up to 5 years for business records).

After the retention period your data is permanently deleted from our systems.

6. Third-Party Processors

Your data passes through the following third-party service when you submit the contact form:

• Email delivery provider (SMTP) — used to transmit your message to our inbox. The message is not stored by the provider beyond transmission.

We do not use cloud CRM tools, marketing platforms, or any other services that would receive or store your personal data.

7. Cookies

This website uses a single session cookie for CSRF (Cross-Site Request Forgery) protection. This is a technical security measure required for the contact form to operate safely. It contains no personal data, is not used for tracking, and expires at the end of your browser session.

No advertising, analytics, or third-party cookies are set.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS / TLS 1.3 encryption for all data in transit
• CSRF protection on all form submissions
• Rate limiting and honeypot spam protection on the contact form
• Access to received enquiries is limited to authorised personnel only

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data ("right to be forgotten")
• Right to restriction — request that we limit processing of your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us at office@hicode.dev. We will respond within 30 days.

10. International Transfers

HiCode is based in North Macedonia. When we receive your enquiry, your data may be processed in North Macedonia. North Macedonia has implemented data protection legislation aligned with GDPR principles. If you are based in the EU/EEA, we handle your data with the same level of protection required under GDPR.

11. Complaints

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with your local supervisory authority. In North Macedonia, the supervisory authority is:

EU residents may also contact their national data protection authority.

12. Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the website after changes constitutes acceptance of the updated policy.