Ce contenu n’est pas encore disponible dans votre langue.
Data Processing & Privacy Position (GDPR)
ALTCHA (operated by BAU Software s.r.o.) does not process customer data.
When the software is self-hosted (on-premises or private cloud), all data remains entirely within the customer’s infrastructure. During normal operation:
- No personal data is transferred to our servers or other services
- We do not receive or access logs, telemetry, analytics, or backups.
- We do not have visibility into any data processed by the customer.
Under the GDPR:
- The customer is the Data Controller — they determine how personal data is processed.
- ALTCHA (operated by BAU Software s.r.o.) is not a Data Processor, because we do not process any personal data on behalf of the customer.
Therefore, a Data Processing Agreement (DPA) is not legally required (GDPR Art. 4 & 28).
For customers who need documentation for internal compliance purposes, we provide a “No-Processing DPA Statement”, confirming that:
- The product is fully self-hosted.
- No personal data is transferred to us.
- No processing relationship is created.
For managed deployments, or if temporary access is ever requested (for example, during support or troubleshooting), a separate agreement will be executed defining access scope and security controls.
Documents
- No-Processing DPA (PDF)