GDPR Compliance

Last updated: January 2, 2025

1. Our Commitment to GDPR

VertexElite is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you explicitly agree to our processing activities (e.g., newsletter signup)
  • Contract: When processing is necessary to fulfill our service agreement with you
  • Legal Obligation: When required by law (e.g., tax records, legal disputes)
  • Legitimate Interest: When necessary for our business operations (e.g., fraud prevention, security)

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

3.1 Right to Access

You can request a copy of all personal data we hold about you.

3.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

3.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • Data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • Data has been unlawfully processed

3.4 Right to Restriction of Processing

You can request limitation of how we use your data in certain circumstances.

3.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

3.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

3.7 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling.

4. How to Exercise Your Rights

To exercise any of your GDPR rights:

  • Email: privacy@vertexelite.org
  • Subject line: "GDPR Data Subject Request"
  • Include: Your name, contact information, and specific request

We will respond to your request within 30 days.

5. Data Protection Officer (DPO)

For GDPR-related inquiries, you can contact our Data Protection Officer:

  • Email: dpo@vertexelite.org
  • Alternative: privacy@vertexelite.org

6. Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Name, username, title
  • Contact Data: Email address, phone number, business address
  • Technical Data: IP address, browser type, device information
  • Usage Data: How you interact with our website and services
  • Marketing Data: Your preferences for receiving marketing communications
  • Transaction Data: Payment and billing information (processed securely via Stripe)

7. Data Retention

We retain personal data only as long as necessary:

  • Active customers: Duration of contract + 7 years (legal requirements)
  • Marketing data: Until consent is withdrawn or 2 years of inactivity
  • Website analytics: 26 months (Google Analytics default)
  • Support tickets: 3 years after closure

8. International Data Transfers

When we transfer data outside the EU/EEA, we ensure adequate protection through:

  • EU-US Data Privacy Framework participation (where applicable)
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

10. Data Breach Notification

In the event of a data breach:

  • We will notify the relevant supervisory authority within 72 hours
  • Affected individuals will be notified without undue delay
  • We will document all data breaches and our response

11. Third-Party Processors

We work with GDPR-compliant third-party processors:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Google Analytics: Website analytics (anonymized data)
  • Amazon Web Services (AWS): Cloud hosting
  • Email providers: Transactional and marketing emails

All processors have signed Data Processing Agreements (DPAs) with us.

12. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children without parental consent.

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or where an alleged infringement occurred.

EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

14. Updates to This Page

We may update this GDPR compliance page to reflect changes in our practices or legal requirements. Check the "Last updated" date above.

15. Contact Information

For GDPR-related questions or to exercise your rights:

  • Email: privacy@vertexelite.org
  • DPO Email: dpo@vertexelite.org
  • Legal Email: legal@vertexelite.org
  • Company: VertexElite, New Castle, Texas, USA
  • Phone: +1 (866) 767-5850
Privacy PolicyTerms of ServiceCookie PolicyBack to Home