1. Lawful Basis for Processing

We process personal data under the following legal bases:

• Consent (e.g., when you request a demo).
• Performance of a contract (e.g., platform access).
• Compliance with legal obligations.
• Legitimate interests (e.g., service improvement).

2. Data Subject Rights

In accordance with GDPR, individuals have the following rights:

• Right of Access: Obtain a copy of your personal data.
• Right to Rectification: Correct inaccurate data.
• Right to Erasure ("Right to be Forgotten").
• Right to Restriction of Processing
• Right to Data Portability
• Right to Object to Processing
• Right to Withdraw Consent at any time.

Requests can be made by contacting privacy@certin.ai.

3. Data Security

We implement technical and organizational measures, including:

• Encryption of personal data at rest and in transit.
• Regular security assessments and audits.
• Access controls and staff training.

4. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, Certin will notify the competent authorities and affected users in accordance with GDPR requirements.

5. International Transfers

Certin ensures that all cross-border data transfers comply with GDPR by implementing Standard Contractual Clauses or equivalent safeguards.

6. Subprocessors

We maintain a list of subprocessors who assist in service delivery. Each subprocessor must meet strict GDPR compliance obligations.

7. Data Protection Officer (DPO)

Certin has appointed a Data Protection Officer to oversee GDPR compliance and data governance.

Contact our DPO: privacy@getcertin.ai