GDPR Compliance Statement

Clientcarex AI Private Limited
Last Updated: August 11, 2025

Clientcarex AI Private Limited (“Clientcarex”, “we”, “our”) is committed to protecting personal data and complying with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and other applicable data protection laws.

This statement explains how we comply with GDPR requirements in connection with our CCX ERP (SaaS product) and CCX Automation of Business (services).

1. Legal Basis for Processing

We process personal data only where a lawful basis applies:

  • Contract – to provide products or services you request.

  • Consent – when you agree to specific data uses (e.g., newsletters, marketing).

  • Legitimate Interests – for service improvements, fraud prevention, or customer support.

  • Legal Obligations – when required by applicable law.

2. Data Subject Rights

Under GDPR, you have the following rights:

  • Right of Access – obtain a copy of the personal data we hold about you.

  • Right to Rectification – request corrections to inaccurate or incomplete data.

  • Right to Erasure (“Right to be Forgotten”) – request deletion of your data under certain circumstances.

  • Right to Restrict Processing – limit how we process your data.

  • Right to Data Portability – request your data in a machine-readable format.

  • Right to Object – object to processing based on legitimate interests or direct marketing.

  • Right to Withdraw Consent – where processing is based on consent, you can withdraw it anytime.

To exercise these rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

3. International Data Transfers

If we transfer personal data outside the EU/EEA or UK, we ensure:

  • Transfers are made to countries with adequate protection recognized by the European Commission, or

  • We use Standard Contractual Clauses (SCCs) or equivalent safeguards to protect your data.

4. Data Retention

We retain personal data only for as long as necessary to fulfill service obligations, comply with legal requirements, or resolve disputes. When no longer required, data is securely deleted or anonymized.

5. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption of data in transit and at rest

  • Regular backups and recovery testing

  • Access controls and role-based permissions

  • Intrusion detection and monitoring

6. Sub-Processors

We may use trusted third-party service providers (cloud hosting, payment gateways, analytics, communication tools) to process personal data on our behalf. All sub-processors are bound by GDPR-compliant agreements.

A list of sub-processors can be made available upon request.

7. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee GDPR compliance.

DPO Contact:
Clientcarex AI Private Limited
Email: [email protected]

8. Breach Notification

In the event of a data breach that may affect your rights and freedoms, we will notify:

  • The relevant supervisory authority within 72 hours, and

  • Affected individuals without undue delay, where required by GDPR.

9. Supervisory Authority

If you believe we have not handled your data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

10. Updates

We may update this GDPR Statement as required by law or to reflect our practices. Updates will be posted on our website, and significant changes will be notified to users.