How Vortex 360 processes personal data in compliance with the EU General Data Protection Regulation and Saudi Arabia's Personal Data Protection Law (PDPL).
You are the Data Controller. You determine why and how personal data is processed. Vortex 360 acts as your Data Processor and processes data strictly on your instructions under a Data Processing Agreement.
Vortex 360 is the Data Controller for data collected to manage your subscription, provide support, and communicate product updates. Our Privacy Policy governs this processing.
Under GDPR, you have comprehensive rights over your personal data. We make it easy to exercise them.
Request a full copy of all personal data we hold about you or your organisation.
Ask us to correct inaccurate or incomplete personal data at any time.
Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
Receive your data in a structured, machine-readable format (JSON or CSV) for transfer to another provider.
Ask us to pause processing of your data while a complaint is being resolved.
Object to processing of your personal data for certain purposes, including direct marketing.
Technical and organisational measures we've implemented to ensure GDPR compliance.
We collect only the data necessary to provide the service. We regularly review and purge data that is no longer required.
Data collected for one purpose is not reused for a different purpose without explicit consent.
All sub-processors (Azure, Stripe, Resend) are bound by DPAs that comply with GDPR Article 28.
In the event of a data breach affecting personal data, we will notify affected customers within 72 hours as required by GDPR.
Data transferred outside the EEA is covered by Standard Contractual Clauses (SCCs) approved by the European Commission.
Personal data is retained only as long as necessary. Accounts are purged 90 days after cancellation unless legal retention applies.