GDPR Compliance
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU-wide privacy
and data protection law that regulates how individuals' data is
protected and enhances their control over personal data. It applies to
any global company processing data of EU residents, not just EU-based
businesses.
We implement GDPR controls as our baseline standard for all operations
worldwide, recognizing that customer data is important regardless of
location.
What is Personal Data?
Under GDPR, personal data is any information relating to an identified
or identifiable individual. This includes:
- Names, email addresses, phone numbers
- Financial and payment information
- IP addresses and device identifiers
- Political opinions and religious beliefs
- Genetic, biometric, and health data
- Location data and browsing history
- Ethnicity, sexual orientation, and similar characteristics
How We Comply with GDPR
ISO 27001:2022 & ISO 42001:2023 Certified: Our
GDPR compliance is underpinned by our certifications under ISO
27001:2022 (Information Security Management) and ISO 42001:2023 (AI
Management), ensuring systematic and continuous improvement of our
data protection practices.
Organizational Measures
- Appointed Data Protection Officer (DPO)
- Privacy champions in all teams
- Regular employee training on data protection
- Awareness programs across the organization
Documentation & Records
-
Information Asset Register (IAR) documenting all data processing
- Record of processing activities for all roles
- Data Processing Addendums with customers and vendors
- Impact assessments and risk analyses
Privacy by Design
- All products assessed against GDPR requirements
- New features designed with privacy controls
- Users given enhanced control over their data
- Privacy integrated into product development
Data Protection Impact Assessments (DPIA)
- Conducted for high-risk processing activities
- Appropriate controls implemented based on findings
- Risk mitigation strategies developed and executed
Data Processing Addendum (DPA)
We maintain a Data Processing Addendum compliant with GDPR,
incorporating Standard Contractual Clauses. If you process EU
residents' personal data, request the DPA at
info@intellocore.com.
Vendor Management
- All sub-processors assessed for data protection compliance
- Contracts require adherence to GDPR and data protection laws
- Periodic reviews of vendor compliance
Enhanced Security
- Encryption at rest (AES-256) and in transit (TLS 1.2/1.3)
- Access controls based on least privilege principle
- Multi-factor authentication for sensitive access
- Regular security assessments and penetration testing
Data Cleanup
- Regular database cleanup to maintain accuracy
- Removal of terminated and dormant accounts
- Retention of only current, relevant information
Your GDPR Rights
Under GDPR, you have the following rights:
Right of Access
You can request a copy of the personal data we hold about you in a
structured, commonly used, machine-readable format.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data in certain
circumstances.
Right to Restrict Processing
You can request that we limit how we use your personal data.
Right to Data Portability
You can request your personal data in a portable format to transfer to
another provider.
Right to Object
You can object to certain processing activities, particularly for
marketing purposes.
Right to Withdraw Consent
You can withdraw consent at any time for processing activities based
on your consent.
To exercise any GDPR rights, contact us at
info@intellocore.com.
Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant Data Protection Authority within 72 hours
- Notify affected individuals without undue delay
-
Provide details of the breach and recommended protective measures
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: You have provided explicit consent
-
Contract: Processing is necessary to perform a
contract with you
-
Legal Obligation: We are required by law to process
the data
-
Vital Interests: Processing protects your vital
interests
-
Public Interest: Processing is necessary for public
interest purposes
-
Legitimate Interests: We have legitimate business
interests
Transferring Data Outside the EEA
If we transfer personal data outside the EEA, we rely on mechanisms
approved by the European Commission, such as Standard Contractual
Clauses or Binding Corporate Rules. We ensure adequate safeguards are
in place.
Contact Our Data Protection Officer
For GDPR-related inquiries or to exercise your rights:
Email: info@intellocore.com
Complaints to Supervisory Authorities
You have the right to lodge a complaint with your local Data
Protection Authority if you believe we have violated your GDPR rights.
Contact details for your country's authority are available at
edpb.europa.eu.
Last Updated: May 2026