GDPR Compliance & Data Privacy

1. Introduction

At Admin, we are committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

By using our platform, services, or website, you consent to the data practices described in this document. We encourage you to read it carefully.

2. Data Controller

The entity responsible for your personal data is:

Admin Technologies Ltd.
123 Innovation Drive, Tech District
London, EC2A 4NE, United Kingdom
Email: privacy@admin.com | Phone: +44 (0) 20 7946 0958

We act as the data controller for most processing activities described in this policy, meaning we determine the purposes and means of processing your personal data.

3. Data We Collect & Why

We only collect personal data that is necessary for providing our services, improving your experience, and complying with legal obligations. This includes:

Account Information: Name, email address, company name, role, and authentication credentials.
Usage Data: IP addresses, browser type, device information, pages visited, and interaction logs.
Billing Information: Payment details (processed securely via PCI-compliant third parties), invoicing addresses, and transaction history.
Communication Records: Emails, support tickets, and feedback submitted to our team.
Administrative Data: Team configurations, workspace settings, and audit logs required for platform functionality.

4. Legal Basis for Processing

We process your personal data under the following legal grounds as defined by GDPR Article 6:

Contractual Necessity: To fulfill our service agreement, manage accounts, and provide requested features.
Legitimate Interests: To improve platform performance, prevent fraud, and conduct analytics (where proportionate and not overridden by your rights).
Consent: For optional marketing communications, cookies, and personalized content (you may withdraw consent at any time).
Legal Compliance: To meet tax, financial, or regulatory obligations.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law:

Active user accounts: Retained for the duration of your subscription plus 24 months for support purposes.
Deleted accounts: Anonymized or securely deleted within 30 days, unless retention is legally required.
Billing & tax records: Retained for 7 years as per financial regulations.
Support communications: Retained for 3 years or until the matter is fully resolved.

6. Your Rights Under GDPR

You have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of your data (subject to legal retention requirements).
Restriction: Limit how we process your data in certain circumstances.
Data Portability: Receive your data in a structured, machine-readable format.
Objection: Opt out of processing based on legitimate interests or direct marketing.

To exercise any of these rights, contact our Data Protection Officer using the details in Section 10. We will respond within 30 days and verify your identity before processing requests.

7. Cookies & Tracking Technologies

Our website and platform use cookies and similar technologies to ensure functionality, analyze usage, and improve security. Categories include:

Essential: Required for authentication, session management, and security.
Analytics: Help us understand how users interact with our platform (processed anonymously where possible).
Functional: Remember preferences like language or dashboard layout.
Marketing: Used only with explicit consent to deliver relevant communications.

You can manage cookie preferences through your browser settings or our in-platform privacy center. Disabling essential cookies may limit platform functionality.

8. Security Measures

We implement industry-standard technical and organizational safeguards to protect your data, including:

AES-256 encryption for data at rest and TLS 1.3 for data in transit
Role-based access controls and multi-factor authentication (MFA)
Regular security audits, penetration testing, and SOC 2 Type II compliance
Automated backups with geographic redundancy and strict access logging

Despite these measures, no system is 100% immune to breaches. In the event of a data breach affecting your personal data, we will notify you and relevant supervisory authorities within 72 hours as required by law.

9. International Data Transfers

Admin operates globally, and your data may be processed in jurisdictions outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

EU Standard Contractual Clauses (SCCs)
Transfer impact assessments (TIAs) for high-risk jurisdictions
Supplementary technical measures where legal frameworks are insufficient

10. Contact & Data Protection Officer

If you have questions about this policy, wish to exercise your rights, or need to report a concern, please contact us:

Data Protection Officer (DPO)

📧 privacy@admin.com

📞 +44 (0) 20 7946 0958

📍 123 Innovation Drive, London EC2A 4NE, UK

⏱️ Response Time: Within 30 days (typically faster)

You also have the right to lodge a complaint with your local data protection supervisory authority.

11. Policy Updates

We may update this GDPR policy to reflect changes in our practices, technology, or applicable law. Material changes will be communicated via email or in-platform notifications at least 14 days before they take effect. The "Last Updated" date at the top of this page will reflect the current version.

Thank you for trusting Admin with your data. We take your privacy seriously and are committed to transparency, security, and compliance.