Loading
🇪🇺

GDPR Compliance

UCX360 Last updated: May 2026 EU Regulation 2016/679

UCX360 is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws. This page summarises our obligations and your rights as a data subject. For full detail on data collection and use, see our Privacy Policy.

1 Data Controller & Processor

UCX360 acts as the Data Controller for personal data collected through our website (www.ucx360.com) and platform (app.ucx360.com).

Where UCX360 processes personal data on behalf of client organisations (e.g. CRM contact records entered by platform users), UCX360 acts as a Data Processor and the client organisation is the Data Controller. In this role, UCX360 processes data only on documented instructions from the Data Controller and assists with data subject rights requests as required.

2 Lawful Basis for Processing

We process personal data only where we have a valid lawful basis under GDPR Article 6:

  • Contract (Art. 6(1)(b)) — processing required to deliver the services you have subscribed to.
  • Legitimate Interests (Art. 6(1)(f)) — platform security, fraud prevention, and service improvement, where not overridden by your rights.
  • Consent (Art. 6(1)(a)) — marketing communications and non-essential analytics cookies, where you have explicitly opted in.
  • Legal Obligation (Art. 6(1)(c)) — compliance with applicable law and regulatory requirements.

3 Your Rights as a Data Subject

As a data subject in the EU/EEA, you have the following rights under GDPR:

Right of Access (Art. 15)

Request a copy of the personal data we hold about you, and information on how it is processed.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data without undue delay.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.

Right to Restriction (Art. 18)

Request that we limit processing of your data in certain circumstances, e.g. while a dispute is resolved.

Right to Portability (Art. 20)

Receive your data in a structured, commonly used, machine-readable format and transfer it to another controller.

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing purposes at any time.

Right to Withdraw Consent

Where processing relies on consent, withdraw it at any time without affecting prior lawful processing.

Right to Lodge a Complaint

File a complaint with your national supervisory data protection authority at any time.

To exercise any of these rights, contact us at sales@ucx360.com. We will respond within 30 days of receipt.

4 Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law. Account data is retained for the duration of the active subscription and deleted upon verified request. Anonymised analytics data may be retained indefinitely. Our full retention schedule is available upon request.

5 International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), UCX360 ensures appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46 GDPR — to guarantee an equivalent level of data protection.

We conduct transfer impact assessments where required and maintain records of all cross-border transfers.

6 Data Security

UCX360 implements appropriate technical and organisational measures to protect personal data in accordance with Article 32 GDPR, including:

  • HTTPS/TLS encryption for all data in transit.
  • Role-based access controls (RBAC) limiting access to authorised personnel only.
  • Full audit trails tracking all user actions and configuration changes.
  • Regular security reviews and vulnerability assessments.
  • Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

7 Data Breach Notification

In the event of a personal data breach, UCX360 will notify the relevant supervisory authority within 72 hours of becoming aware of the breach where feasible, and where required by GDPR Article 33. Affected data subjects will be notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

8 Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory data protection authority in your country. UCX360 operates under the jurisdiction of the Netherlands. The competent supervisory authority is:

Autoriteit Persoonsgegevens (AP)
Website: autoriteitpersoonsgegevens.nl

9 Contact & DPA Requests

For any GDPR-related enquiries, to exercise your rights, or to request a Data Processing Agreement (DPA) for your organisation:

UCX360
Email: sales@ucx360.com
Website: www.ucx360.com