GDPR Compliance

InfinityX Enterprise is committed to protecting your personal data in accordance with the European General Data Protection Regulation (GDPR) and ensuring your privacy rights are respected.

Regulation (EU) 2016/679Effective: 25 May 2018Last Updated: August 4, 2025

GDPR Data Protection Principles

We adhere to all six key principles of data protection as outlined in Article 5 of the GDPR

Lawfulness, Fairness & Transparency

Processing must be lawful, fair, and transparent to the data subject

Our Implementation:

  • Clear legal basis for all data processing activities
  • Transparent privacy notices and communication
  • Fair processing that doesn't mislead data subjects
  • Regular reviews of processing activities

Purpose Limitation

Data collected for specified, explicit and legitimate purposes only

Our Implementation:

  • Clearly defined purposes for data collection
  • No further processing incompatible with original purpose
  • Regular purpose assessment and documentation
  • Purpose-specific consent where required

Data Minimisation

Adequate, relevant and limited to what is necessary

Our Implementation:

  • Collect only necessary personal data
  • Regular data audits to identify redundant information
  • Purpose-driven data collection forms
  • Automatic data reduction procedures

Accuracy

Accurate and kept up to date; inaccurate data must be erased

Our Implementation:

  • Data verification procedures
  • Regular accuracy checks and updates
  • Easy correction mechanisms for data subjects
  • Prompt rectification of inaccurate data

Storage Limitation

Kept only as long as necessary for the purposes

Our Implementation:

  • Defined retention periods for different data types
  • Automatic deletion procedures
  • Regular review of stored data necessity
  • Secure disposal of outdated information

Integrity & Confidentiality

Processed securely with appropriate technical and organisational measures

Our Implementation:

  • Encryption of personal data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and updates
  • Staff training on data protection

Your Rights Under GDPR

As a data subject, you have specific rights regarding your personal data. Here's how we ensure these rights are protected.

Right to Information

Articles 13 & 14
Response: At the time of collection

Be informed about how your personal data is being used

How We Comply:

  • Clear and comprehensive privacy notices
  • Transparent data collection forms
  • Proactive information provision
  • Regular privacy notice updates

Right of Access

Article 15
Response: Within 1 month

Obtain access to your personal data and supplementary information

How We Comply:

  • Subject access request procedures
  • Identity verification processes
  • Comprehensive data export capabilities
  • Free provision of first copy

Right to Rectification

Article 16
Response: Within 1 month

Have inaccurate personal data corrected

How We Comply:

  • Easy correction request mechanisms
  • Prompt data updates across systems
  • Notification to third parties of corrections
  • Verification of corrected information

Right to Erasure

Article 17
Response: Within 1 month

Have personal data erased in certain circumstances

How We Comply:

  • Secure deletion procedures
  • Assessment of erasure conditions
  • Notification to data processors
  • Backup and archive management

Right to Restrict Processing

Article 18
Response: Within 1 month

Restrict the processing of personal data in certain circumstances

How We Comply:

  • Processing restriction mechanisms
  • Data marking and flagging systems
  • Limited access during restriction
  • Notification before lifting restrictions

Right to Data Portability

Article 20
Response: Within 1 month

Receive personal data in a structured, machine-readable format

How We Comply:

  • Standardized data export formats
  • Automated portability tools
  • Direct transmission capabilities
  • Structured data organization

Legal Bases for Processing

We only process your personal data when we have a valid legal basis under Article 6 of the GDPR

Consent

Freely given, specific, informed and unambiguous consent

Examples:

  • Marketing communications
  • Optional service features
  • Cookies (non-essential)

Requirements:

  • Clear opt-in mechanism
  • Easy withdrawal
  • Granular choices
  • Age verification

Contract

Processing necessary for contract performance

Examples:

  • Service delivery
  • Payment processing
  • Customer support

Requirements:

  • Clear contractual terms
  • Necessity assessment
  • Proportionate processing
  • Contract documentation

Legal Obligation

Processing required to comply with legal obligations

Examples:

  • Tax records
  • Financial regulations
  • Employment law

Requirements:

  • Legal requirement identification
  • Documentation of obligation
  • Minimal processing
  • Retention compliance

Legitimate Interest

Processing necessary for legitimate interests pursued

Examples:

  • Security monitoring
  • Business operations
  • Fraud prevention

Requirements:

  • Legitimate interest assessment
  • Necessity testing
  • Balancing test
  • Data subject impact evaluation

International Data Transfers

When we transfer your data outside the EU/EEA, we ensure adequate protection through appropriate safeguards

Adequacy Decisions

We prioritize transfers to countries with EU adequacy decisions ensuring equivalent protection levels.

Standard Contractual Clauses

We use EU-approved Standard Contractual Clauses for transfers to countries without adequacy decisions.

Additional Safeguards

We implement technical and organizational measures including encryption and access controls.

Exercise Your GDPR Rights

Contact our Data Protection Officer to exercise any of your GDPR rights or for data protection inquiries

Data Protection Officer

Email: [email protected]

Phone: +27 76 776 9934

Response Time: Within 1 month

Languages: English, Afrikaans

Supervisory Authority

Primary: Information Commissioner's Office (ICO)

Website: ico.org.uk

Local: Information Regulator (South Africa)

Right: Lodge complaints if unsatisfied

Quick Request Form

Use our online form to quickly submit GDPR requests or contact us directly using the information above.

Data Breach Procedures

72 Hours

Supervisory authority notification (when high risk)

Without Delay

Data subject notification (when high risk to rights and freedoms)

Immediate

Containment and impact assessment procedures

Submit a GDPR Request

Exercise your data protection rights under GDPR. Submit your request below and we'll process it within the required timeframes.

GDPR Data Request Form

Your GDPR Rights Explained

Right of Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct any inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data under certain conditions

Data Portability

Receive your data in a portable, machine-readable format

Processing Timeline

⏱️
Response within 30 days (extendable by 2 months for complex requests)
🔐
Identity verification required for security
📧
Email confirmation sent upon receipt

⚠️ Important Notice

For security purposes, we will need to verify your identity before processing any GDPR request. This may involve providing official identification documents. All requests are processed securely and confidentially in accordance with GDPR requirements.