GDPR Compliance & Ethical Data Processing

Prodexo AI is committed to protecting personal data and complying with the General Data Protection Regulation (GDPR – EU Regulation 2016/679). This page describes how we ensure lawful, fair, and transparent processing of personal data across our platform, products, and services.

1. Scope of GDPR Compliance

This GDPR policy applies to all users, customers, partners, and website visitors whose personal data is processed by Prodexo AI, including individuals located in the European Union (EU) and European Economic Area (EEA).

2. Lawful Basis for Processing

We process personal data only when at least one lawful basis applies, including:

Performance of a contract
User consent
Legal obligations
Legitimate business interests

3. Categories of Personal Data

Depending on usage, we may collect and process the following data:

Contact details (name, email address, company)
Account and authentication information
Usage logs and platform activity
Support and communication records
Technical data (IP address, device, browser)

4. Data Minimization & Purpose Limitation

We collect only data that is strictly necessary for defined business purposes. Personal data is not processed in a manner incompatible with the original purpose of collection.

5. Data Storage & Retention

Personal data is retained only for as long as required to fulfill contractual, legal, and regulatory obligations. Retention periods are reviewed periodically, and data is securely deleted or anonymized once no longer required.

6. Technical & Organizational Security Measures

Prodexo AI implements industry-standard security controls, including:

Role-based access control (RBAC)
Encryption of data in transit and at rest
Continuous monitoring and logging
Secure backup and recovery procedures
Periodic security and compliance reviews

7. Data Sharing & Third Parties

Personal data may be shared only with trusted service providers who are contractually obligated to comply with GDPR and data protection standards. We do not sell personal data to third parties.

8. International Data Transfers

Where personal data is transferred outside the EU/EEA, appropriate safeguards are applied, such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

9. Data Subject Rights

Under GDPR, individuals have the right to:

Access their personal data
Rectify inaccurate or incomplete data
Request data erasure ("Right to be Forgotten")
Restrict or object to processing
Request data portability
Withdraw consent at any time

10. Data Breach Management

In the event of a personal data breach, Prodexo AI follows a documented incident response process. Where required, supervisory authorities and affected individuals will be notified within the timelines specified by GDPR.

11. Governance & Accountability

GDPR compliance is supported through internal policies, employee awareness, access controls, and regular compliance reviews aligned with recognized security standards.

12. Contact & Requests

For GDPR-related inquiries, data access requests, or concerns, please contact us at info@prodexo.ai or via the Contact Us page. Requests will be handled within GDPR-defined timelines.

This GDPR Compliance page is subject to updates and should be reviewed periodically to reflect regulatory or operational changes.

Swiss Digitech Solutions GmbH
Neumattstr. 12, 8902 Urdorf, Switzerland
Email: info@prodexo.ai