Legal Basis & Data Processing Notice

Last updated: January 15, 2025 • Effective immediately • GDPR & National Data Protection Compliance

At Admin, we are committed to processing personal data transparently, lawfully, and in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and relevant national laws. This document outlines the legal grounds under which we collect, use, and process your personal information.

1. Legal Basis for Processing

We process your personal data only where we have a valid legal ground under Article 6 of the GDPR. The applicable legal basis depends on the specific context and purpose of the processing activity:

Contractual Necessity (Art. 6(1)(b)): Processing required to perform a contract with you or to take steps at your request before entering into a contract (e.g., account creation, service delivery, billing).
Consent (Art. 6(1)(a)): Processing based on your explicit, informed consent for specific purposes such as marketing communications, non-essential cookies, or analytics. You may withdraw consent at any time.
Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with statutory requirements, including tax, accounting, anti-money laundering, and cybersecurity regulations.
Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests or those of a third party, provided your fundamental rights and freedoms do not override those interests (e.g., fraud prevention, network security, service improvement).
Vital Interests (Art. 6(1)(d)): Processing necessary to protect your vital interests or those of another person where consent cannot be obtained.
Public Interest (Art. 6(1)(e)): Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Admin.

Note: We will always specify the applicable legal basis at the point of data collection. If a purpose relies on consent, it will be clearly separated from processing based on other legal grounds.

2. Purposes of Processing

Personal data is collected and processed for specific, explicit, and legitimate purposes. These include:

Provision, maintenance, and improvement of Admin's platform and services
Account management, authentication, and user administration
Processing payments, invoicing, and tax compliance
Communication regarding service updates, security alerts, and support requests
Enhancing service security, detecting fraud, and preventing abuse
Analyzing usage patterns to optimize performance and user experience
Compliance with legal, regulatory, and contractual obligations
Marketing and promotional activities (only with explicit consent or where permitted by law)

3. Categories of Data Processed

The types of personal data we collect and process depend on your interaction with our services:

Category	Examples	Typical Legal Basis
Identity & Contact Data	Name, email, phone, postal address, username	Contract, Consent
Technical & Usage Data	IP address, device identifiers, browser type, log files, interaction timestamps	Legitimate Interest, Contract
Transaction & Billing Data	Payment method details, transaction history, billing address, invoice records	Contract, Legal Obligation
Communication Data	Support tickets, emails, chat transcripts, feedback	Contract, Legitimate Interest
Special Categories	Only processed if explicitly provided and strictly necessary (e.g., disability accommodations)	Explicit Consent, Legal Obligation

4. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Retention periods are determined by:

Service Duration: Data is retained for the active period of your account plus a defined archival period (typically 24–60 months depending on jurisdiction).
Legal & Regulatory Requirements: Financial, tax, and compliance records are retained for periods mandated by applicable law (commonly 5–7 years).
Security & Audit Logs: Technical logs are retained for up to 12 months for incident response and forensic analysis.
Marketing Consent: Data is retained until consent is withdrawn or becomes stale (typically after 24 months of inactivity).

Once retention periods expire, data is securely deleted or anonymized in accordance with our data disposal policies.

5. Your Legal Rights

Under applicable data protection laws, you have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your data where there is no compelling legal reason for continued processing.
Restriction: Request limitation of processing under certain circumstances.
Data Portability: Receive your data in a structured, commonly used, machine-readable format.
Objection: Object to processing based on legitimate interests or direct marketing.
Withdraw Consent: Revoke previously given consent at any time, without affecting the lawfulness of prior processing.
Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, contact our Data Protection Officer via the details provided in Section 7. We will respond within 30 days, extending by up to 60 days for complex requests as permitted by law.

6. International Data Transfers

Admin may transfer personal data outside the European Economic Area (EEA) to affiliated entities, service providers, or hosting infrastructure. All international transfers are governed by adequate safeguards, including:

European Commission Adequacy Decisions
Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules (BCRs) where applicable
Technical and organizational measures ensuring data encryption in transit and at rest

We conduct regular transfer impact assessments to verify the legal adequacy of destination jurisdictions and implement supplementary safeguards where required.

7. Contact & Supervisory Authority

If you have questions regarding this legal basis, wish to exercise your rights, or need to report a data protection concern, please contact:

Data Protection Officer: dpo@admin.platform
Legal & Compliance: legal@admin.platform
Registered Address: Admin Inc., Data Compliance Dept., 100 Innovation Drive, Tech District, TD 10001

You also have the right to lodge a complaint with a supervisory authority in your member state. In the EU/EEA, you may contact the relevant Data Protection Authority. A list of authorities is available at edpb.europa.eu.

Disclaimer: This document is provided for informational purposes and does not constitute legal advice. Data processing practices may be updated to reflect legislative changes or service improvements. We encourage you to review this notice periodically.