GDPR Compliance
Last updated: March 2026
Our Commitment
OPS 360 AI is committed to complying with the General Data Protection Regulation (GDPR). We have implemented technical and organizational measures to ensure the protection of personal data and uphold the rights of data subjects. This page outlines our approach to GDPR compliance.
1. Data Processing
We process personal data only for specified, explicit, and legitimate purposes. As a data processor for our customers' data and a data controller for account-related data, we maintain:
- A comprehensive record of processing activities (Article 30)
- Data processing agreements (DPAs) with all customers upon request
- Privacy-by-design and privacy-by-default principles in all product development
- Data minimization — we collect only what is necessary to provide our services
2. Legal Basis for Processing
We process personal data under the following legal bases:
- Contract performance: Processing necessary to provide our services under your subscription agreement
- Legitimate interests: Analytics, security monitoring, and service improvement
- Consent: Marketing communications and optional analytics (withdrawable at any time)
- Legal obligation: Compliance with applicable laws and regulations
3. Data Subject Rights
Under GDPR, individuals have the following rights, which we fully support:
- Right of access — Request a copy of your personal data
- Right to rectification — Correct inaccurate or incomplete data
- Right to erasure — Request deletion of your personal data
- Right to restriction — Restrict processing of your data
- Right to data portability — Receive your data in a machine-readable format
- Right to object — Object to processing based on legitimate interests
- Rights related to automated decision-making — Request human review of automated decisions
To exercise any of these rights, contact our Data Protection Officer at dpo@ops360.io. We respond to all requests within 30 days.
4. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who oversees our data protection strategy and compliance. You can contact our DPO at:
5. International Data Transfers
When personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission. Our primary data processing occurs on infrastructure with data residency options in the UAE. We evaluate all sub-processors for GDPR compliance before engagement.
6. Sub-processors
We use a limited number of sub-processors to deliver our services. All sub-processors are bound by data processing agreements and meet our security and privacy standards:
| Sub-processor | Purpose | Location |
|---|---|---|
| Cloud Infrastructure Provider | Hosting & compute | UAE / EU |
| Stripe | Payment processing | US / EU |
| Email Service Provider | Transactional email | EU |
| LLM Provider (via Gateway) | AI features | US |
We notify customers of any changes to sub-processors with at least 30 days' notice. Customers can object to new sub-processors within that period.
7. Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where feasible, and notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Contact
For any GDPR-related inquiries, please contact our Data Protection Officer at dpo@ops360.io.
