Privacy Statement
Complionyx cares about your privacy and wants to be clear about the collection, use, and sharing of your information. This Privacy Statement explains who we are, what data we collect, how we use it, and how you can exercise your rights.
This Privacy Statement outlines how Complionyx (hereinafter "our", "we", "us") handles personal data received from customers, partners, suppliers, and visitors to our social media and website, www.complionyx.com (hereinafter “the Website”). It also applies to personal data obtained offline, such as when individuals request information or provide contact details.
We are committed to safeguarding your privacy and ensuring transparency in how we collect, use, and protect your personal information. This Privacy Statement explains our data handling practices and your privacy rights. As privacy standards evolve, we will update this statement accordingly to reflect new regulations, practices, or improvements in data protection. The Privacy Statement may also change over time as our organization develops. We reserve the right to amend the Privacy Statement at any time, for any reason, without notice, other than the posting of the amended Privacy Statement on the Website.
"Consent" – A freely given, specific, informed, and unambiguous indication by the data subject agreeing to the processing of their personal data.
"Controller" – A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.
"Cross-Border Processing" – Processing of personal data occurring in the context of activities across multiple EU Member States or processing that substantially affects individuals in multiple Member States.
"Data Processor" – A third-party organization that processes personal data on behalf of the Data Controller under contractual obligations.
"Data Subject" – An identifiable individual whose personal data is being processed. This includes direct or indirect recognition through identifiers such as names, identification numbers, location data, or specific attributes.
"Directive (The Directive)" – Directive 95/46/EC of the European Parliament, which previously governed data protection before the adoption of the GDPR.
"Filing System" – Any structured set of personal data that is accessible based on specific criteria, whether centralized, decentralized, or dispersed geographically or functionally.
"General Data Protection Regulation (The Regulation, GDPR)" – Regulation 2016/679 of the European Parliament, outlining privacy and data protection principles applicable across the European Economic Area (EEA).
"Legal Basis" – The justification required for processing personal data in accordance with applicable laws, such as consent, contractual necessity, or legitimate interest.
"Law (The Law)" – Any locally applicable privacy laws alongside the GDPR within the EEA.
"Personal Data" – Any information relating to an identified or identifiable individual, such as name, contact details, or online identifiers.
"Processing" – Any operation performed on personal data, whether automated or manual, including collection, storage, modification, retrieval, transmission, and deletion.
"Processor" – A natural or legal person, public authority, agency, or other body that processes personal data on behalf of a controller.
"Recipient" – A natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether considered a third party or not.
"Retention Period" – The length of time personal data is stored before being securely deleted or anonymized.
"Special Personal Data" – Personal data as defined under Article 9 of the GDPR, which includes sensitive information such as health data, racial origin, political opinions, and biometric data.
"Statement (The Statement)" – This privacy statement, including its appendices, which aligns with GDPR principles while respecting local privacy laws globally.
"Sub-Processor" – A natural or legal person, public authority, agency, or other body that processes personal data on behalf of both the controller and processor.
"Supervisory Authority" – A regulatory body responsible for overseeing compliance with data protection laws, as outlined in Article 51 of the GDPR.
"Third Party" – Any natural or legal person, public authority, agency, or other body other than the data subject, the controller, or (sub)processors authorized to process data under the direct authority of the controller or processor.
Scope of Processing
At Complionyx, we process personal data to deliver consulting- and/or interim services, enhance user experiences, and ensure seamless interactions through the Website. Our data handling includes collecting, storing, and using information from (potential) customers, partners, suppliers and website visitors. As a principle, we only process personal data when necessary to maintain a functional website and provide our consultancy and/or interim services. The processing of personal data takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
Complionyx's services are not intended for individuals under the age of 13, and we do not knowingly collect personal data from children below this age threshold. If you are under 13, please do not use our services or provide any personal information to us.
If you are a parent or guardian and discover that your child has shared personal data with Complionyx, you may contact us to exercise your rights (via info@complionyx.com), including access, correction, deletion, or objection to processing.
Legal Basis
Complionyx processes personal data in accordance with applicable data protection laws and regulations. The legal basis for processing depends on the nature of the data and the purpose of its use.
In general, we process personal data with the user's consent, to fulfill contractual obligations, comply with legal requirements, or pursue legitimate business interests.
When consent is required, users have the right to withdraw it at any time without affecting the lawfulness of prior processing.
Insofar as we obtain the consent of the data subject for processing personal data, Article 6(1)(a) GDPR serves as the legal basis.
If processing is necessary for the performance of a contract in which the data subject is a party, Article 6(1)(b) GDPR applies. This also includes processing required for pre-contractual measures.
Where the processing of personal data is necessary to fulfill a legal obligation applicable to Complionyx, Article 6(1)(c) GDPR serves as the legal basis.
If processing is required to safeguard Complionyx's legitimate interests or those of a third party, and such interests are not outweighed by the fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR provides the legal framework for processing.
As a customer of Complionyx, certain personal data will be processed to facilitate our business relationship and deliver consultancy and interim services effectively. This includes:
Your email address for communication purposes.
Your first and last name to personalize interactions.
Your company affiliation (if applicable) to tailor services to your professional needs.
Your phone number for direct communication, consultation scheduling, and support services.
Your IP address, which may be collected when interacting with Complionyx's online platforms to enhance security, prevent fraud, and improve service functionality.
Address details, including business or residential address, for contractual agreements, invoicing, and service-related communications.
Payment information, including first and last name, account details, financial institution, and other transaction-related data for billing and financial processing.
Job titles and professional background to provide specialized consultancy services suited to the client’s expertise and industry needs.
Marketing and communication preferences, including opt-in choices for newsletters, industry updates, and promotional materials.
Additional data requested as part of our engagement.
Information obtained during the course of the business relationship, ensuring seamless service delivery and collaboration.
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, and operational requirements. Once data is no longer required, it is securely deleted or anonymized in compliance with applicable regulations. Specific retention periods may vary depending on legal obligations and the nature of the data being processed.
In determining our retention periods, we consider several factors:
Whether we need your personal information to protect our legitimate interests, fulfill a contract, respond to inquiries, or provide requested services and support;
Whether we are subject to legal obligations requiring data retention; or
Whether retention is advisable based on our legal position, such as applicable statutes of limitation, ongoing litigation, or regulatory investigations.
Unless otherwise specified in this Privacy Statement, these criteria guide how long we retain personal data before securely disposing of it.
Complionyx is committed to safeguarding the security and confidentiality of personal data. We implement industry-standard technical and organizational measures (TOM) to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction.
Our security practices include encryption, access controls, and secure storage solutions to ensure that personal data remains protected at all times. Complionyx also regularly reviews and updates its data protection protocols to comply with evolving regulations and best practices. Third-party processors handling personal data are bound by strict confidentiality agreements, and we take appropriate steps to minimize risks associated with data processing.
Complionyx values the privacy and security of personal data and only shares it when necessary to operate effectively, comply with legal requirements, or fulfill contractual obligations. Whenever Complionyx shares personal data, we ensure appropriate safeguards are in place to protect confidentiality and comply with applicable privacy laws.
Personal data may be shared with the following categories of third parties:
Service Providers - Complionyx works with third-party service providers (such as IT support, cloud storage providers, and customer service platforms) to maintain and improve our services. These providers are contractually obligated to handle personal data securely and only for the specified purposes outlined by Complionyx.
Legal and Regulatory Authorities - Complionyx may disclose personal data when required to comply with legal obligations, respond to lawful requests from public or governmental authorities, prevent fraud, or protect our rights, safety, and the security of our services.
Partners - If necessary for business operations, Complionyx may share data with trusted partners who provide complementary services or support Complionyx's operations. Any sharing in this context is governed by strict confidentiality agreements.
Legal and Regulatory Authorities - Complionyx may disclose personal data to third parties such as public authorities, government agencies, and professional advisers when necessary. This may occur if access, use, retention, or disclosure of personal information is required to:
comply with applicable laws, regulations, or enforceable governmental requests;
investigate, prevent, or take action against suspected or confirmed illegal activities, or support law enforcement authorities;
enforce our Terms of Use;
address legal claims, disputes, or regulatory investigations;
protect the integrity of our services;
safeguard the rights, security, and well-being of Complionyx, its clients and other relevant parties.
Complionyx does not sell personal data. Any data sharing is conducted with transparency, ensuring that affected individuals retain control over their personal information wherever possible. Additionally, when transferring personal data outside the European Economic Area (EEA) or to jurisdictions with differing privacy regulations, Complionyx ensures compliance with applicable international data transfer laws and, when required, implements legally recognized transfer mechanisms such as Standard Contractual Clauses (SCC's).
Depending on the purpose of processing your personal data and the applicable legal framework, you have specific rights regarding your personal information. To exercise these rights, Complionyx requires a formal request submitted via email or in writing, accompanied by a valid form of identification. Upon receiving your request, Complionyx will provide a written response within 30 days.
Under certain circumstances, individuals have specific rights regarding their personal data. Complionyx is committed to respecting these rights and facilitating requests in compliance with applicable privacy laws.
Data subjects have the right to:
Access personal data (art. 15 GDPR) - Individuals can request copies of, or information about, the personal data Complionyx processes.
Rectify personal data (art. 16 GDPR) - If any processed personal data is inaccurate, individuals can request corrections.
Request deletion (‘right to erasure’) (art. 17 GDPR) - Individuals may ask Complionyx to delete their personal data. However, in some cases, legal obligations may require Complionyx to retain certain data.
Restrict processing - (art. 21 GDPR) Under specific circumstances, individuals can request limitations on how their personal data is used.
Exercise data portability (art. 20 GDPR) - Data subjects can request to receive their personal data in a structured, commonly used, machine-readable format or have it transferred to another organization. This right applies in cases where Complionyx processes data through automated means and based on consent.
Object to processing (art. 7 (3) GDPR) - If Complionyx relies on legitimate business interests as the lawful basis for data processing, individuals may object to such processing, including objections to direct marketing. Complionyx will investigate objections and temporarily suspend processing where necessary. If the objection is deemed valid, Complionyx will cease processing for the relevant purposes; otherwise, a justification will be provided.
Complionyx does not apply automated individual decision-making or profiling.
Requests regarding data rights must be submitted in writing or via email, accompanied by valid identification to info@complionyx.com. Complionyx will respond within one month (30 days), but in cases of complex requests, this period may be extended by up to two additional months. In situations where a request is excessive, unfounded, or involves multiple copies, Complionyx reserves the right to charge a reasonable administrative fee or refuse to comply.
If individuals have concerns about how Complionyx processes their personal data, they may file a complaint with the relevant supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP) (www.autoriteitpersoonsgegevens.nl). However, Complionyx encourages individuals to contact us first to allow us the opportunity to address any concerns directly.
Complionyx uses cookies and similar tracking technologies to enhance user experience, improve website functionality, and analyze interactions with our services. These technologies allow us to remember preferences, optimize content delivery, and provide personalized insights based on usage patterns. Cookies may be categorized as essential, analytical, functional, or marketing-related, depending on their purpose.
Users can manage cookie preferences through browser settings, opting to disable non-essential cookies while still accessing core website features. Complionyx ensures transparency in how tracking technologies are deployed and only collects data necessary for functionality, security, and analytics. For further details on our use of cookies, users can refer to our cookie policy or adjust settings accordingly.
If you have any questions, concerns, or requests regarding this Privacy Statement or how we handle your personal data, you can reach us at:
info@complionyx.com
We strive to respond to inquiries promptly and ensure that your privacy-related concerns are addressed in accordance with applicable data protection regulations.