GDPR Compliance Policy

Effective date: 09.09.2025

1. Introduction and Scope

This GDPR Compliance Policy applies to the processing of personal data by IntraconIX Group ("Company", "we", "us", "our") for individuals located in the European Economic Area (EEA), United Kingdom, Switzerland, or any other jurisdiction where GDPR protections apply. This policy supplements our general Privacy Policy and Terms & Conditions with specific provisions required under the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. Data Controller and Data Protection Officer

Data Controller: IntraconIX Group. Registered Address: [As specified in relevant Orders]. Email: privacy@intraconix.com

Data Protection Officer (DPO): Email: dpo@intraconix.com. Our DPO is responsible for overseeing GDPR compliance and can be contacted for all data protection matters.

3. Legal Basis for Processing Personal Data

We process personal data only when we have a valid legal basis under Article 6 of the GDPR:

• Contract Performance: Processing necessary to deliver Services you've requested, manage your account, and fulfill orders.
• Legitimate Interests: For business administration, service improvement, network security, fraud prevention, and direct marketing to existing clients (with opt-out rights).
• Legal Obligation: To comply with tax, accounting, AML/KYC obligations, and lawful requests from authorities.
• Consent: For marketing to non-clients and placing non-essential cookies. Consent can be withdrawn at any time.

4. Data Controller vs. Data Processor Roles

We act as a Data Controller for client account information, billing data, and website visitor data. We may act as a Data Processor when providing certain services on behalf of clients, subject to a Data Processing Agreement (DPA).

5. Categories of Personal Data Processed

We collect Identity, Contact, Financial, Technical, Profile, Usage, and Communication Data. We do not intentionally collect special categories of personal data (e.g., health, racial origin).

6. Data Subject Rights Under GDPR

You have the following rights:

• Right of Access: To request a copy of your personal data.
• Right to Rectification: To correct inaccurate personal data.
• Right to Erasure ("Right to be Forgotten"): To request deletion of your data under certain conditions.
• Right to Restriction of Processing: To limit how we process your data.
• Right to Data Portability: To receive your data in a machine-readable format.
• Right to Object: To object to processing based on legitimate interests and for direct marketing.
• Rights Related to Automated Decision-Making: Not to be subject to solely automated decisions with legal effects.

7. Exercising Your Rights

To exercise your rights, please email privacy@intraconix.com or dpo@intraconix.com. We will respond within one month after verifying your identity.

8. International Data Transfers

When transferring personal data outside the EEA, we use appropriate safeguards such as EU-approved Standard Contractual Clauses (SCCs) and conduct Transfer Impact Assessments to ensure data protection.

9. Data Security Measures (Article 32)

We implement robust technical and organizational measures, including encryption, access controls, regular security testing, and staff training, to protect your data.

10. Data Breach Notification

In the event of a data breach, we will notify the relevant supervisory authority within 72 hours where feasible and notify affected individuals without undue delay if there is a high risk to their rights and freedoms.

11. Privacy by Design and Default

We integrate data protection principles into our projects and services from the outset, including conducting Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

12. Data Retention Periods

We retain data only for as long as necessary based on legal requirements, contractual obligations, and legitimate business needs (e.g., financial records for 7 years).

13. Third-Party Processors and Sub-Processors

We ensure that all third-party processors provide sufficient GDPR compliance guarantees and sign appropriate data processing agreements. A list of our sub-processors is available upon request.

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority or our lead supervisory authority.

15. Specific Processing Scenarios

We process data for marketing based on legitimate interest (for clients) or consent (for prospects). We use analytics to improve our services but do not engage in automated decision-making with legal effects.

16. GDPR Compliance Governance

Our GDPR compliance program includes regular audits, documentation of processing activities (Article 30 records), privacy training for staff, and vendor due diligence.

17. Contact Information

For GDPR-specific inquiries, please contact our Data Protection Officer at dpo@intraconix.com or our Privacy Team at privacy@intraconix.com.

18. Updates to This Policy

This policy is reviewed regularly. Material changes will be communicated to registered users and posted on our website.

---

Document Version: 1.0
Last Updated: September 25, 2025
Legal Framework: General Data Protection Regulation (EU) 2016/679