Our commitment to data protection under the General Data Protection Regulation
NoteX is fully committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). We recognize the importance of data privacy and have implemented comprehensive measures to ensure the rights and freedoms of data subjects are protected.
This page outlines how NoteX processes personal data in compliance with GDPR requirements and describes the rights available to individuals within the European Economic Area (EEA) and United Kingdom.
NoteX acts as the Data Controller for personal data collected directly from users of our platform, including:
When businesses use NoteX to send notifications to their clients, NoteX acts as the Data Processor. In this capacity:
We process personal data under the following legal bases as defined by Article 6 of the GDPR:
Processing necessary for the performance of a contract, such as account creation, service delivery, and payment processing.
Processing necessary for our legitimate interests, including service improvement, security measures, and fraud prevention, balanced against the rights of data subjects.
Processing based on freely given, specific, informed, and unambiguous consent, such as marketing communications and optional analytics.
Processing necessary for compliance with a legal obligation, such as tax reporting and regulatory requirements.
Under the GDPR, individuals have the following rights regarding their personal data:
You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data. We will respond to access requests within 30 days.
You have the right to request correction of inaccurate personal data. You can update most information directly through your account settings.
You have the right to request deletion of your personal data ("right to be forgotten") when the data is no longer necessary, you withdraw consent, or you object to processing. Certain exceptions apply, such as legal obligations.
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of data or object to processing.
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and to transmit it to another controller.
You have the right to object to processing based on legitimate interests or direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds.
NoteX does not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.
To exercise any of these rights, contact our Data Protection Officer at dpo@notex.io. We will respond within 30 days of receiving your request.
We provide a comprehensive Data Processing Agreement to all business customers in accordance with Article 28 of the GDPR. Our DPA covers:
To request a DPA, contact legal@notex.io.
When personal data is transferred outside the EEA, we ensure adequate safeguards are in place:
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to data subjects, including:
In the event of a personal data breach, we comply with the GDPR notification requirements:
We use the following categories of sub-processors to deliver the Service:
We maintain an up-to-date list of sub-processors and notify business customers of any changes. All sub-processors are bound by data processing agreements that meet GDPR requirements.
NoteX has appointed a Data Protection Officer (DPO) who can be contacted for any questions regarding our GDPR compliance:
If you are unsatisfied with our handling of your personal data, you have the right to lodge a complaint with your local supervisory authority. A list of EU/EEA supervisory authorities can be found on the European Data Protection Board website.