GDPR Compliance

OmniConflux is committed to protecting the privacy rights of EU citizens in accordance with the General Data Protection Regulation (GDPR).

Last Updated: March 22, 2025

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union (EU), regardless of where the organization is located.

At OmniConflux, we are committed to ensuring that our platform and services comply with GDPR requirements. This page outlines our approach to GDPR compliance and the measures we have implemented to protect the privacy rights of EU citizens.

2. Our Role Under GDPR

Under GDPR, OmniConflux acts as both a data controller and a data processor:

  • Data Controller: We act as a data controller for the personal data we collect directly from our users, such as account information and usage data.
  • Data Processor: We act as a data processor for the personal data our customers upload or process through our platform.

In both roles, we are committed to processing personal data in compliance with GDPR principles and requirements.

3. GDPR Principles We Follow

OmniConflux adheres to the following GDPR principles in our data processing activities:

3.1 Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. Our Privacy Policy clearly explains what data we collect, how we use it, and the legal basis for processing.

3.2 Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

3.3 Data Minimization

We limit the collection of personal data to what is necessary for the purposes for which it is processed.

3.4 Accuracy

We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

3.5 Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

3.6 Integrity and Confidentiality

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

3.7 Accountability

We take responsibility for complying with GDPR principles and can demonstrate this compliance through appropriate policies, procedures, and documentation.

4. Legal Basis for Processing

Under GDPR, we must have a valid legal basis for processing personal data. OmniConflux relies on the following legal bases:

4.1 Consent

Where required, we obtain clear and affirmative consent from individuals before processing their personal data. Consent can be withdrawn at any time.

4.2 Contractual Necessity

We process personal data when necessary to fulfill our contractual obligations to our users or to take steps at their request before entering into a contract.

4.3 Legitimate Interests

We process personal data based on our legitimate interests, such as improving our services, preventing fraud, and ensuring network security, provided these interests are not overridden by the individual's rights and freedoms.

4.4 Legal Obligation

We process personal data when necessary to comply with a legal obligation to which we are subject.

5. Data Subject Rights

GDPR grants individuals (data subjects) specific rights regarding their personal data. OmniConflux respects and facilitates these rights:

5.1 Right to Information

We provide clear and transparent information about our data processing activities through our Privacy Policy and other communications.

5.2 Right of Access

Data subjects have the right to request confirmation of whether we process their personal data and to receive a copy of that data, along with other information about the processing.

5.3 Right to Rectification

Data subjects have the right to request correction of inaccurate personal data or completion of incomplete personal data.

5.4 Right to Erasure (Right to be Forgotten)

Data subjects have the right to request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

5.5 Right to Restriction of Processing

Data subjects have the right to request restriction of processing of their personal data in certain situations, such as when they contest the accuracy of the data.

5.6 Right to Data Portability

Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

5.7 Right to Object

Data subjects have the right to object to processing of their personal data based on legitimate interests or for direct marketing purposes.

5.8 Rights Related to Automated Decision-Making

Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects them.

6. How to Exercise Your Rights

If you are an EU resident and wish to exercise your GDPR rights, you can contact us at privacy@omniconflux.com. We will respond to your request within one month, as required by GDPR.

To verify your identity, we may request additional information before fulfilling your request.

7. Data Protection Measures

OmniConflux implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular testing and evaluation of security measures
  • Access controls and authentication procedures
  • Data backup and recovery procedures
  • Staff training on data protection and security
  • Data protection impact assessments for high-risk processing activities

8. International Data Transfers

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs)
  • Adequacy decisions by the European Commission

9. Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will:

  • Notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
  • Document all breaches, including the facts, effects, and remedial actions taken

10. Data Protection Officer

OmniConflux has appointed a Data Protection Officer (DPO) who is responsible for overseeing our GDPR compliance. You can contact our DPO at dpo@omniconflux.com.

11. GDPR Compliance for Our Customers

As a data processor, we help our customers (who act as data controllers) comply with GDPR by:

  • Providing tools and features that enable them to fulfill data subject requests
  • Implementing appropriate security measures to protect the personal data they process through our platform
  • Entering into data processing agreements that comply with GDPR requirements
  • Maintaining records of processing activities
  • Notifying them of data breaches without undue delay

12. Updates to Our GDPR Compliance

We regularly review and update our GDPR compliance measures to ensure they remain effective and aligned with regulatory guidance and best practices. Any significant changes to our GDPR compliance approach will be communicated through updates to this page.

13. Contact Us

If you have any questions or concerns about our GDPR compliance or how we handle personal data, please contact us at:

Email: privacy@omniconflux.com

Postal Address: [Your Company Address Here]