GDPR Compliance

1. Our Commitment to GDPR

eXAIndex is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and what rights you have under this regulation.

2. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for a specific purpose
• Contract: Processing is necessary for a contract we have with you
• Legal obligation: Processing is necessary for us to comply with the law
• Legitimate interests: Processing is necessary for our legitimate interests or those of a third party

3. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

4. How to Exercise Your Rights

If you wish to exercise any of your GDPR rights, please contact us at info@exaindex.com. We will respond to your request within 30 days. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

5. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at:
info@exaindex.com

6. Data Security Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response and breach notification procedures
• Data minimization and pseudonymization where possible

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your data, and whether we can achieve those purposes through other means.

8. International Data Transfers

We may transfer your personal data outside the European Economic Area (EEA). If we do, we will ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. If this changes, we will inform you and provide you with the right to request human intervention.

10. Right to Lodge a Complaint

You have the right to make a complaint at any time to your local supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

11. Changes to This Policy

We may update this GDPR compliance page from time to time. Any changes we make will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.

12. Contact Information

For any GDPR-related inquiries or to exercise your rights, please contact:

13. Related Pages

For privacy details and service terms, you may also want to read:

• Privacy Policy
• Cookie Policy
• Terms of Service
• Contact