This GDPR Policy outlines how Auxanova Business Services FZCO (“Auxanova”, “the Company”, “we”, “our”, or “us”) ensures compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). The policy defines the principles, roles, responsibilities, and controls governing the processing of personal data.
This policy complements Auxanova’s Data Protection Policy, Privacy Policy, and jurisdiction-specific notices, including the California Privacy Notice.
All personal data processed by Auxanova
All employees, contractors, consultants, and third parties acting on behalf of Auxanova
All systems, applications, platforms, and processes involving personal data
Personal data may relate to clients, prospects, website visitors, employees, vendors, partners, and other identifiable individuals.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Data Subject: The individual to whom personal data relates.
Controller: The entity determining the purposes and means of processing.
Processor: An entity processing personal data on behalf of a controller.
Supervisory Authority: An independent public authority established by an EU Member State.
Auxanova processes personal data in accordance with Article 5 of the GDPR:
Lawful, Fair, and Transparent: Processing is lawful, fair, and transparent.
Purpose Limitation: Data is collected for specified and legitimate purposes.
Data Minimisation: Data is adequate, relevant, and limited to necessity.
Accuracy: Data is accurate and kept up to date.
Storage Limitation: Data is retained only as long as necessary.
Integrity and Confidentiality: Data is protected against unauthorised access or loss.
Consent
Performance of a contract
Compliance with a legal obligation
Protection of vital interests
Public interest tasks
Legitimate interests balanced against data subject rights
The lawful basis for each processing activity is documented in Auxanova’s Register of Processing Activities (RoPA).
Right of access
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object
Right to withdraw consent
Right to lodge a complaint with a supervisory authority
Requests are handled without undue delay and within statutory timeframes.
Consent is freely given, specific, informed, and unambiguous
Records of consent are maintained
Withdrawal of consent is as easy as granting consent
Privacy embedded into systems and processes
Access limited to what is strictly necessary
Security controls applied from the outset
Access controls and authentication mechanisms
Secure storage and encrypted transmission where appropriate
Regular backups and disaster recovery procedures
Staff training and confidentiality obligations
Ongoing risk assessments and security reviews
Personal data is retained only for as long as necessary and deleted or anonymised in accordance with retention schedules.
Processing governed by GDPR-compliant written agreements
Appropriate security measures required
Sub-processing permitted only with safeguards
Standard Contractual Clauses (SCCs)
Adequacy decisions where applicable
Other lawful GDPR-recognised transfer mechanisms
Prompt risk assessment
Supervisory authority notified within 72 hours where required
Affected individuals informed where high risk exists
Employees and relevant personnel receive appropriate GDPR and data protection training.
This GDPR Policy is reviewed at least annually and updated to reflect legal, regulatory, or operational changes.
Auxanova Business Services FZCO
Email:
info@auxanova.com