Loading...
ERPS X Start For Free

GDPR Compliance

How ERPS X complies with the EU General Data Protection Regulation.

Last updated: March 1, 2026
ERPS X is fully committed to GDPR compliance. We act as a Data Processor for your business data and a Data Controller for your account information.

Our GDPR Commitments

  • Lawful Basis: We process data based on contractual necessity, legitimate interest, or explicit consent
  • Data Minimisation: We collect only the data necessary to provide our services
  • Purpose Limitation: We use data only for the stated purposes
  • Storage Limitation: We retain data only as long as necessary
  • Integrity & Confidentiality: Enterprise-grade encryption and access controls

Your Rights Under GDPR

As a data subject, you have the right to:

  • Right of Access (Art. 15): Obtain confirmation of whether your data is being processed and receive a copy
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing (Art. 18): Limit how your data is processed
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests

Data Processing Agreement

We offer a Data Processing Agreement (DPA) to all customers who require one. The DPA outlines our obligations as a data processor, including sub-processor management, breach notification procedures, and data deletion commitments.

To request a DPA, contact [email protected].

Sub-Processors

We use a limited number of sub-processors to deliver our services. A current list is available upon request. We notify customers of any changes to our sub-processor list with at least 30 days' notice.

Data Breach Notification

In the unlikely event of a data breach, we will notify affected customers within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

International Data Transfers

When data is transferred outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission, along with supplementary technical measures to ensure adequate data protection.

Data Protection Officer

For GDPR-related inquiries, contact our Data Protection team:

Top