GDPR Compliance

Last updated: April 24, 2026

Our Commitment to GDPR

UXAS is committed to protecting the privacy and personal data of our users in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This page outlines our approach to GDPR compliance and your rights under the regulation.

Data Processing Principles

We process personal data in accordance with the following GDPR principles:

Lawfulness

We process personal data only when we have a lawful basis, such as consent, contract performance, or legitimate interests.

Fairness & Transparency

We process data fairly and provide clear information about how we collect and use personal data.

Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it beyond those purposes.

Data Minimization

We collect only the personal data that is necessary for our specified purposes.

Accuracy

We keep personal data accurate and up to date, and take steps to erase or rectify inaccurate data.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation whether we process your personal data and request access to your personal data and information about the processing.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and completion of incomplete personal data.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary.

Right to Restrict Processing (Article 18)

You have the right to request restriction of processing of your personal data under certain circumstances.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Legal Basis for Processing

We process personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our AI agents and RPA automation services, manage your account, and fulfill our contractual obligations.

Legitimate Interests

Processing necessary for our legitimate business interests, such as improving our services, security monitoring, and customer support.

Consent

Processing based on your explicit consent for specific purposes, such as marketing communications or optional features.

Legal Obligation

Processing necessary to comply with legal obligations, such as tax reporting or regulatory requirements.

Data Security Measures

We implement appropriate technical and organizational measures to ensure the security of personal data:

Technical Measures

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication and access controls
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery systems
  • Network security monitoring and intrusion detection

Organizational Measures

  • Staff training on data protection and privacy
  • Data protection impact assessments (DPIAs)
  • Incident response and breach notification procedures
  • Regular review and update of privacy policies
  • Vendor management and data processing agreements

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected data subjects without undue delay
  • Provide clear information about the breach and recommended actions
  • Take immediate steps to contain and remedy the breach

Exercising Your Rights

To exercise any of your GDPR rights or if you have questions about our data processing practices, please contact us:

Data Protection Officer

Email: dpo@uxas.com

Address: UXAS, Data Protection Office

Phone: +1 (555) 123-4567

Response Times

We will respond to your requests within one month of receipt. In complex cases, we may extend this period by up to two additional months and will inform you of any such extension.

Supervisory Authority

If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State where you reside, work, or where the alleged violation occurred.

Updates to This Page

We may update this GDPR compliance page from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes through our website or by email.