GDPR Compliance

We process personal data only when we have a valid legal basis to do so. The lawful bases we rely on include:

• Contract performance: Processing necessary to provide the axeo service to you and your organization as outlined in our Terms of Service
• Legitimate interests: Processing for purposes such as improving our services, ensuring platform security, and preventing fraud, where these interests are not overridden by your rights
• Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications
• Legal obligation: Processing required to comply with applicable laws, regulations, or legal proceedings

Under the GDPR, you have the following rights regarding your personal data. We are committed to facilitating the exercise of these rights in a timely manner.

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed
• Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data or completion of incomplete data
• Right to Erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected
• Right to Restriction (Article 18): You have the right to request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of contested data
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format
• Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes
• Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing that significantly affect you

To exercise any of your data protection rights, please contact our Data Protection Officer at dpo@axeo.ink. We will respond to your request within 30 days as required by the GDPR.

We may need to verify your identity before processing your request. If your request is complex or you have made multiple requests, we may extend the response period by an additional 60 days, in which case we will inform you of the extension and the reasons for it.

You will not be charged a fee for exercising your rights in most cases. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without adequacy decisions
• Adequacy decisions by the European Commission recognizing certain countries as providing adequate data protection
• Binding Corporate Rules where applicable for intra-group transfers
• We conduct Transfer Impact Assessments as required to ensure the recipient country provides adequate protection

axeo has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with the GDPR.

You can reach our DPO at dpo@axeo.ink for any questions about how we handle personal data, to exercise your rights, or to raise any concerns about our data processing practices.

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

We encourage you to contact us first at dpo@axeo.ink so we can try to resolve your concern directly.

For organizations that require a Data Processing Agreement (DPA) to comply with GDPR requirements, we offer a standard DPA that covers the processing activities performed by axeo on behalf of your organization.

To request a copy of our DPA or to discuss specific data processing requirements, please contact our legal team at legal@axeo.ink.