GDPR Compliance
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU-wide privacy and data protection law that regulates how individuals' data is protected and enhances their control over personal data. It applies to any company worldwide that processes the data of EU residents, not just EU-based businesses.
We implement GDPR controls as our baseline standard for all operations worldwide, recognizing that customer data is important regardless of location.
What is Personal Data?
Under GDPR, personal data is any information relating to an identified or identifiable individual. This includes:
- Names, email addresses, phone numbers
- Financial and payment information
- IP addresses and device identifiers
- Political opinions and religious beliefs
- Genetic, biometric, and health data
- Location data and browsing history
- Ethnicity, sexual orientation, and similar characteristics
How We Comply with GDPR
ISO 27001:2022 & ISO 42001:2023 Certified: Our GDPR compliance is underpinned by our certifications under ISO 27001:2022 (Information Security Management) and ISO 42001:2023 (AI Management), ensuring systematic and continuous improvement of our data protection practices.
Organizational Measures
- Appointed Data Protection Officer (DPO)
- Privacy champions in all teams
- Regular employee training on data protection
- Awareness programs across the organization
Documentation & Records
- Information Asset Register (IAR) documenting all data processing
- Record of processing activities for all roles
- Data Processing Addendums with customers and vendors
- Impact assessments and risk analyses
Privacy by Design
- All products assessed against GDPR requirements
- New features designed with privacy controls
- Users given enhanced control over their data
- Privacy integrated into product development
Data Protection Impact Assessments (DPIA)
- Conducted for high-risk processing activities
- Appropriate controls implemented based on findings
- Risk mitigation strategies developed and executed
Data Processing Addendum (DPA)
We maintain a Data Processing Addendum compliant with GDPR, incorporating Standard Contractual Clauses. If you process EU residents' personal data, request the DPA at info@intellocore.com.
Vendor Management
- All sub-processors assessed for data protection compliance
- Contracts require adherence to GDPR and data protection laws
- Periodic reviews of vendor compliance
Enhanced Security
- Encryption at rest (AES-256) and in transit (TLS 1.2/1.3)
- Access controls based on the principle of least privilege
- Multi-factor authentication for sensitive access
- Regular security assessments and penetration testing
Data Cleanup
- Regular database cleanup to maintain accuracy
- Removal of terminated and dormant accounts
- Retention of only current, relevant information
Your GDPR Rights
Under GDPR, you have the following rights:
Right of Access
You can request a copy of the personal data we hold about you in a structured, commonly used, machine-readable format.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data in certain circumstances.
Right to Restrict Processing
You can request that we limit how we use your personal data.
Right to Data Portability
You can request your personal data in a portable format to transfer to another provider.
Right to Object
You can object to certain processing activities, particularly for marketing purposes.
Right to Withdraw Consent
You can withdraw consent at any time for processing activities based on your consent.
To exercise any GDPR rights, contact us at info@intellocore.com.
Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant Data Protection Authority within 72 hours
- Notify affected individuals without undue delay
- Provide details of the breach and recommended protective measures
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: You have provided explicit consent
- Contract: Processing is necessary to perform a contract with you
- Legal Obligation: We are required by law to process the data
- Vital Interests: Processing protects your vital interests
- Public Interest: Processing is necessary for public interest purposes
- Legitimate Interests: We have legitimate business interests
Transferring Data Outside the EEA
If we transfer personal data outside the EEA, we rely on mechanisms approved by the European Commission, such as Standard Contractual Clauses or Binding Corporate Rules. We ensure adequate safeguards are in place.
Contact Our Data Protection Officer
For GDPR-related inquiries or to exercise your rights:
Email: info@intellocore.com
Complaints to Supervisory Authorities
You have the right to lodge a complaint with your local Data Protection Authority if you believe we have violated your GDPR rights. Contact details for your country's authority are available at edpb.europa.eu.
Last Updated: May 2026