1. GDPR overview
This GDPR page explains how AutoAssessIQ approaches personal data protection where the General Data Protection Regulation applies. It should be read together with the Privacy Policy, Terms of Service, and Cookie Policy. The goal of this page is to present a clearer rights-focused summary for users, prospects, and customers in the European Economic Area, the United Kingdom where relevant, and other jurisdictions that offer comparable privacy rights.
2. Controller and processor roles
AutoAssessIQ may act as a controller for website, marketing, prospect, billing, security, and account-administration data, because we determine the purposes and means of processing for those activities.
For certain customer workflows, uploaded business data, user management instructions, or enterprise use cases, AutoAssessIQ may act as a processor on behalf of the customer organization. In those situations, the customer generally acts as the controller for the underlying business data and user instructions.
If your organization needs a data processing addendum, transfer language, or security documentation for a procurement or compliance review, use the contact page to request it.
3. Lawful basis summary
When GDPR applies, our main lawful bases are:
- Contract for delivering website services, trials, subscriptions, and requested product functionality.
- Legitimate interests for securing, operating, improving, and supporting the service, preventing abuse, and understanding service performance.
- Consent where required for optional cookies, direct marketing, or other optional uses.
- Legal obligation for accounting, tax, compliance, or formal legal requests.
4. Data subject rights
Subject to the limits set by applicable law, you may have the right to:
- obtain confirmation that your data is processed and request access to it;
- request correction of inaccurate or incomplete personal data;
- request deletion where the data is no longer necessary or where another legal basis no longer applies;
- request restriction of processing in certain circumstances;
- object to processing based on legitimate interests, including certain direct marketing uses;
- request portability of data processed by automated means on the basis of contract or consent;
- withdraw consent where processing depends on consent.
Some rights are not absolute. We may retain necessary records to comply with law, protect security, or establish, exercise, or defend legal claims.
5. How to make a request
To submit a GDPR-related request, use the contact page and clearly state that your request concerns personal data rights. Please identify the relevant account, email address, company, and the right you wish to exercise. We may ask for additional information to verify your identity and protect against unauthorized disclosure.
We aim to respond within the timelines required by law.
6. Cross-border transfers
Where personal data is transferred outside the EEA or another jurisdiction with comparable protections, AutoAssessIQ aims to rely on an appropriate transfer mechanism such as an adequacy decision, standard contractual clauses, or a comparable safeguard recognized by law.
Additional enterprise documentation may be available on request for customer due-diligence processes.
7. Security and governance
GDPR compliance depends not only on privacy notices but also on governance, access controls, vendor oversight, security reviews, and retention discipline. AutoAssessIQ applies organizational and technical controls designed to support confidentiality, integrity, and resilience proportionate to the service context.
8. Complaints and supervisory authorities
If you believe your data protection rights have been infringed, you may contact us first through the contact page so the issue can be reviewed. You may also lodge a complaint with the supervisory authority in your habitual residence, place of work, or place of the alleged infringement, as permitted by applicable law.
9. Changes
We may revise this GDPR page to reflect operational changes, regulatory developments, or updated rights-handling practices. Material changes will be reflected by the updated date shown on this page.