Privacy Policy

Effective date: February 22, 2026

Last updated: February 22, 2026

1. General Provisions

1.1. This Privacy Policy (hereinafter referred to as the "Policy") defines the procedures for the collection, processing, storage, transfer, and protection of personal data of users of the website https://transcripto.eu (hereinafter referred to as the "Website") and the related services of the Transcripto platform (hereinafter referred to as the "Platform").

1.2. This Policy has been developed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR", "General Data Protection Regulation"), as well as the applicable legislation of the Republic of Latvia in the area of personal data protection.

1.3. By using the Website or the Platform, you confirm that you have read this Policy and understand how we process your personal data. If you do not agree with the terms of this Policy, please refrain from using the Website and the Platform.

1.4. This Policy applies to all personal data that the Controller (as defined in Section 2) may obtain from a data subject (user) in the course of using the Website, the Platform, filling out contact forms, subscribing to newsletters, requesting a demonstration, and any other interactions.

2. Data Controller

2.1. The personal data controller (Data Controller) in accordance with Art. 4(7) of the GDPR is:

• Company name: Runpay Solutions SIA
• Registration number: No. 40203386881
• Registered address: Pirts iela 13-50, Riga, Latvia, LV-1003
• Website: https://transcripto.eu
• Email: info@transcripto.eu

2.2. For all matters related to the processing of personal data, the exercise of your rights as a data subject, as well as for submitting requests and complaints, you may contact the Data Protection Officer (DPO) at the following email address: info@transcripto.eu.

2.3. The Controller ensures the confidentiality of personal data and takes all necessary organizational and technical measures to protect them from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other unlawful actions by third parties.

3. What Data We Collect

3.1. In connection with providing the Platform's services and operating the Website, we may collect and process the following categories of personal data:

3.1.1. Data provided directly by you:

• First name and last name;
• Email address;
• Phone number;
• Organization name and job title;
• Industry;
• Any other information that you voluntarily provide when filling out forms on the Website, in correspondence with us, or when requesting a demonstration of the Platform.

3.1.2. Data collected automatically (technical data):

• IP address;
• Browser type and version;
• Operating system type and device;
• Screen resolution;
• Browser language settings;
• Date, time, and duration of Website visits;
• Referral source (referrer URL).

3.1.3. Usage data (analytics data):

• Pages of the Website that you visit and the sequence of page views;
• Actions performed on the Website (clicks, scrolling, interaction with interface elements);
• Information about selected plans and demonstration requests.

3.1.4. Data from cookies and similar technologies:

• Session identifiers;
• User preferences (e.g., selected display theme);
• Analytics and marketing cookie data (subject to your consent).

3.2. We do not intentionally collect special categories of personal data (data concerning health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data) in accordance with Art. 9 of the GDPR.

4. Purposes and Legal Bases for Processing

4.1. We process your personal data only when there is a lawful legal basis in accordance with Art. 6 of the GDPR. Below are the purposes of processing and the corresponding legal bases:

4.1.1. Performance of a contract or taking steps prior to entering into a contract (Art. 6(1)(b) GDPR):

• Processing requests for Platform demonstrations and providing information about our services;
• Creating and managing your account on the Platform;
• Providing access to the Platform's functionality under the selected pricing plan;
• Invoicing and payment processing;
• Technical support and customer service;
• Communications related to the performance of contractual obligations.

4.1.2. Consent of the data subject (Art. 6(1)(a) GDPR):

• Sending marketing and informational newsletters (news, product updates, special offers);
• Setting analytics and marketing cookies;
• Conducting satisfaction surveys and user experience research.

You may withdraw your consent at any time by sending a notification to info@transcripto.eu or by using the unsubscribe link in our email communications. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

4.1.3. Legitimate interests of the Controller (Art. 6(1)(f) GDPR):

• Ensuring the operability, security, and improvement of the Website and the Platform;
• Analyzing the use of the Website and the Platform in order to optimize user experience;
• Fraud prevention and information security;
• Protecting the Controller's legitimate rights and interests in the event of disputes;
• Conducting internal analytics and statistics for business decision-making.

When processing data on the basis of legitimate interests, we conduct a balancing test to ensure that our interests do not override your rights and freedoms.

5. Cookies

5.1. The Website uses cookies — small text files that are placed on your device when you visit the Website. Cookies allow the Website to recognize your device and store certain information about your preferences and actions.

5.2. Types of cookies used:

5.2.1. Strictly necessary (essential) cookies:

• Provide the basic functionality of the Website (navigation, access to secure areas);
• Save the selected display theme (dark/light);
• Maintain user session settings;
• Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — consent is not required.

5.2.2. Analytics cookies:

• Collect anonymized statistics about Website visits;
• Help us understand how users interact with the Website and improve its performance;
• Legal basis: consent (Art. 6(1)(a) GDPR) — set only after obtaining your consent.

5.2.3. Preference (functional) cookies:

• Remember your individual settings (language, region, display options);
• Enhance your user experience on subsequent visits;
• Legal basis: consent (Art. 6(1)(a) GDPR).

5.3. Upon your first visit to the Website, a cookie management banner is displayed, allowing you to accept or decline individual cookie categories. You can change your preferences at any time through the cookie settings on the Website.

5.4. You can also manage cookies through your browser settings: block all or specific types of cookies, as well as delete previously set cookies. Please note that disabling strictly necessary cookies may result in limited functionality of the Website.

6. Data Sharing with Third Parties

6.1. We do not sell, rent, or transfer your personal data to third parties for commercial purposes.

6.2. We may share your personal data with the following categories of recipients solely to the extent necessary to achieve the purposes set out in this Policy:

• Data Processors: service providers acting on our behalf and under our instructions, including: hosting and cloud infrastructure providers, analytics services, payment systems, email service providers, and CRM systems. A Data Processing Agreement (DPA) has been concluded with each processor in accordance with Art. 28 of the GDPR;
• Professional advisors: legal, accounting, and auditing firms in connection with the provision of professional services to us;
• Government authorities: in cases where the disclosure of data is required by applicable law, a court order, or a request from a competent government authority.

6.3. When engaging data processors, we ensure that they provide sufficient guarantees for the implementation of appropriate technical and organizational measures to protect the rights of data subjects in accordance with the requirements of the GDPR.

7. International Data Transfers

7.1. Your personal data is primarily processed and stored within the European Economic Area (EEA).

7.2. In the event that personal data needs to be transferred outside the EEA, we ensure an adequate level of protection in accordance with Chapter V of the GDPR by applying one or more of the following mechanisms:

• European Commission adequacy decision: data is transferred to countries that the European Commission has determined to provide an adequate level of personal data protection (Art. 45 GDPR);
• Standard Contractual Clauses (SCC): we conclude standard contractual clauses approved by the European Commission with data recipients, providing appropriate safeguards for data protection (Art. 46(2)(c) GDPR);
• Binding Corporate Rules (BCR): for intra-group data transfers, where applicable (Art. 47 GDPR);
• Other legal bases: derogations provided for under Art. 49 of the GDPR (explicit consent of the data subject, performance of a contract, important reasons of public interest, etc.).

7.3. You are entitled to obtain information about the specific safeguards applied to international transfers of your data by sending a request to info@transcripto.eu.

8. Data Retention Periods

8.1. We retain your personal data for no longer than is necessary to achieve the purposes for which it was collected, or for the periods established by applicable law. Upon expiration of the retention period, the data is deleted or anonymized.

8.2. Below are the main retention periods by data category:

• Client account data (name, email, phone, organization details): retained for the entire duration of the contract and for 3 (three) years after its termination, unless otherwise required by law;
• Contact form and demonstration request data: retained for 1 (one) year from the last interaction, if the inquiry did not result in the conclusion of a contract;
• Marketing mailing data: retained until consent is withdrawn or the user unsubscribes, but for no longer than 3 (three) years from the last active interaction;
• Accounting and financial documents: retained for the periods established by the tax and accounting legislation of the Republic of Latvia (generally 5 years);
• Technical data and server logs: retained for no longer than 12 (twelve) months;
• Cookie data: retained in accordance with the validity periods of the specific cookies specified in Section 5 of this Policy;
• Communication recordings and transcriptions (processed by the Platform on behalf of the client): retained for the duration of the contract with the client. The controller of such data is the Platform's client; Runpay Solutions SIA acts as the data processor.

8.3. In the event of a legal dispute or a request from a competent government authority, the retention period for the relevant data may be extended until the final resolution of the dispute or completion of the request.

9. Your Rights

9.1. In accordance with the GDPR (Art. 15-22), as a data subject, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): you have the right to obtain confirmation as to whether your personal data is being processed, as well as access to such data and information about the purposes of processing, categories of data, recipients, retention periods, and other circumstances of processing;
• Right to rectification (Art. 16 GDPR): you have the right to request the correction of inaccurate personal data, as well as the completion of incomplete data;
• Right to erasure / "right to be forgotten" (Art. 17 GDPR): you have the right to request the deletion of your personal data where grounds exist under the GDPR (e.g., the data is no longer necessary for the purposes of processing, you have withdrawn consent, the data was processed unlawfully);
• Right to restriction of processing (Art. 18 GDPR): you have the right to request the restriction of processing of your data in certain cases (e.g., while verifying the accuracy of the data or the legitimacy of an objection);
• Right to data portability (Art. 20 GDPR): you have the right to receive your personal data in a structured, commonly used, and machine-readable format, as well as to request the transfer of such data to another controller, where processing is based on consent or a contract and is carried out by automated means;
• Right to object (Art. 21 GDPR): you have the right to object at any time to the processing of your personal data carried out on the basis of legitimate interests (Art. 6(1)(f) GDPR) or for the purposes of direct marketing. In the case of an objection to processing for direct marketing purposes, processing shall cease immediately;
• Right not to be subject to automated decision-making (Art. 22 GDPR): you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;
• Right to withdraw consent: if the processing of data is carried out on the basis of your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to the withdrawal.

9.2. To exercise any of the above rights, please send a request to the email address info@transcripto.eu, specifying your name and a description of the request. We undertake to respond to your request within 30 (thirty) calendar days from the date of its receipt. In the case of complex or voluminous requests, this period may be extended by an additional 60 (sixty) days with prior notification.

9.3. To verify your identity when processing a request, we may ask you to provide additional information.

9.4. Right to lodge a complaint with a supervisory authority: if you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority for Runpay Solutions SIA is:

• Datu valsts inspekcija (DVI) — Data State Inspectorate of Latvia
• Address: Elijas iela 17, Riga, LV-1050, Latvia
• Website: https://www.dvi.gov.lv

You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

10. Data Security

10.1. We implement appropriate technical and organizational measures to ensure the security of your personal data in accordance with Art. 32 of the GDPR, including:

Technical measures:

• Encryption of data at rest using the AES-256 algorithm;
• Encryption of data in transit using the TLS 1.2/1.3 protocol;
• Regular data backups with encrypted backup copies;
• Intrusion detection and prevention systems (IDS/IPS);
• Firewalls and network segmentation;
• Multi-factor authentication for access to data processing systems;
• Regular software updates and security patch application.

Organizational measures:

• Restricting access to personal data on a need-to-know basis (principle of least privilege);
• Regular staff training on personal data protection and information security;
• Internal policies and procedures for personal data processing;
• Incident response procedures for data security breaches in accordance with Art. 33-34 of the GDPR;
• Regular security audits and Data Protection Impact Assessments (DPIA) where necessary;
• Non-disclosure agreements (NDA) with employees and contractors who have access to personal data.

10.2. In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of data subjects, we will notify the supervisory authority within 72 hours of becoming aware of the breach (Art. 33 GDPR), and we will promptly notify the affected data subjects (Art. 34 GDPR).

11. Changes to This Policy

11.1. We reserve the right to make changes to this Privacy Policy. The current version of the Policy is always available on the Website at https://transcripto.eu/en/privacy-policy.

11.2. In the event of material changes, we will notify you by one or more of the following methods:

• Posting a notice on the Website;
• Sending a notification by email (if you are a registered user of the Platform);
• Displaying a banner when you visit the Website.

11.3. Material changes include: changes to the list of processing purposes, expansion of the categories of data collected, changes to the legal bases for processing, transfer of data to new categories of recipients, and changes to the procedure for international data transfers.

11.4. Continued use of the Website and the Platform after the changes take effect constitutes your acknowledgment of the updated Policy. If the changes require obtaining new consent, we will request it in the appropriate manner.

12. Contact Information

12.1. If you have any questions, comments, or requests related to this Privacy Policy or the processing of your personal data, you may contact us:

• Controller: Runpay Solutions SIA
• Registration number: No. 40203386881
• Address: Pirts iela 13-50, Riga, Latvia, LV-1003
• Email: info@transcripto.eu
• Website: https://transcripto.eu

12.2. If you are not satisfied with our response or believe that we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

• Datu valsts inspekcija (DVI) — Data State Inspectorate of Latvia
• Address: Elijas iela 17, Riga, LV-1050, Latvia
• Website: https://www.dvi.gov.lv

We recommend contacting us directly first so that we can review and resolve your inquiry as promptly as possible.