Compliance & GDPR

Last updated: 13 January 2026

This page describes how Probativa approaches regulatory compliance, data protection, and privacy obligations, including compliance with the EU General Data Protection Regulation (GDPR).

Probativa designs and operates software with data minimization, transparency, and control as core principles.

Regulatory Context

Probativa operates from the European Union and is subject to applicable EU data protection laws, including:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • Relevant national data protection legislation

Our products are designed for use by organizations that require clear, auditable, and predictable software behavior in regulated or compliance-sensitive environments.

Data Protection Principles

Probativa follows these core data protection principles across its software and services:

  • Data minimization
    • We collect and process only the data necessary to provide the software, licensing, and support services.
  • Purpose limitation
    • Data is processed solely for explicit and legitimate purposes, such as licensing validation, support requests, or contractual obligations.
  • Transparency
    • We provide clear information about what data is processed, how it is used, and under what legal basis.
  • Security by design
    • Security and data protection considerations are integrated into product design and development.
  • Control and accountability
    • Customers retain control over their data and how the software is deployed and operated.

Personal Data Processing

Depending on the context, Probativa may process limited personal data, including:

  • Contact information provided through website forms (e.g. name, email, organization)
  • Licensing and purchase records
  • Support correspondence
  • Technical metadata necessary for license activation or validation (where applicable)

Probativa does not intentionally process personal data unrelated to product functionality, licensing, or support.

Depending on the context, Probativa may act as a data controller (e.g. for website users and customers) or as a data processor (e.g. when processing customer data strictly on their behalf through software services).

Legal Bases for Processing

Personal data is processed under one or more of the following legal bases, as applicable:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests related to software licensing, security, and support
  • Explicit consent, where required

Detailed information is provided in the Privacy Policy available on our website..

Data Storage and Location

  • Probativa operates from the EU
  • Data is stored and processed in compliance with applicable EU data protection requirements
  • Where third-party service providers are used, they are selected with data protection and security considerations in mind

Probativa does not sell or repurpose customer data.

Customer Data Ownership

Customers retain ownership and responsibility for the data they process using Probativa software.

Probativa software is designed to:

  • Operate locally or within customer-controlled environments
  • Avoid unnecessary data transmission
  • Support compliance with internal data governance policies

For desktop software products, core functionality may operate independently of online services once licensed.

Data Security Measures

Probativa applies appropriate technical and organizational measures to protect data, including:

  • Secure development practices
  • Access controls
  • Separation of environments
  • Regular updates and maintenance
  • Limiting access to customer data to authorized purposes only

Security measures are proportional to the nature and scope of the data processed.

Data Subject Rights

In accordance with GDPR, data subjects have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request erasure where applicable
  • Restrict or object to processing in certain circumstances
  • Request data portability, where applicable

Requests may be submitted via the contact details provided on the website.

Data subjects also have the right to lodge a complaint with their local data protection authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD).

Data Retention

Personal data is retained only for as long as necessary to fulfill contractual, legal, or operational requirements.

Retention periods depend on:

  • The nature of the data
  • Legal obligations
  • Legitimate business requirements

Data that is no longer required is securely deleted or anonymized.

Processors and Sub-processors

Where Probativa uses third-party processors (e.g. for payments, hosting, or communications), such processors are required to meet applicable data protection and security obligations.

Probativa remains responsible for ensuring that appropriate contractual and technical safeguards are in place.

Audits and Compliance Support

Probativa software is designed to support customer compliance efforts by providing:

  • Predictable and verifiable behavior
  • Clear licensing and version control
  • Audit-friendly reporting where applicable

Customers remain responsible for ensuring their own regulatory compliance when using the software.

Limitations

Probativa does not provide legal advice.

Compliance with GDPR and other regulations depends on how software is deployed, configured, and used by customers within their own environments.

Customers should consult their legal or compliance advisors as appropriate.

Contact

For questions related to data protection, compliance, or GDPR, please contact us via the website.

We aim to respond clearly and transparently.