EU Data Protection

GDPR Compliance

Our commitment to European data protection. Axia CRM is built with privacy by design and adheres to the highest standards of the General Data Protection Regulation.

01

Overview

Axia CRM is fully committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. We process personal data lawfully, fairly, and in a transparent manner. All data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.

We apply the principles of data minimization, accuracy, storage limitation, and integrity and confidentiality to every aspect of our data processing operations. Our platform is designed with privacy by design and by default, ensuring that only the data necessary for each specific purpose is processed.

This page outlines your rights under the GDPR, the legal bases on which we process your personal data, our sub-processors, international data transfer mechanisms, and how to exercise your rights.

02

Your Rights Under GDPR

The GDPR grants you comprehensive rights over your personal data. Below is a detailed overview of each right and how Axia CRM supports its exercise.

Article 15

Right to Access

Request a complete copy of all personal data we hold about you. We will provide this in a structured, commonly used, and machine-readable format within 30 days of your request.

Article 16

Right to Rectification

Correct any inaccurate or incomplete personal data we hold about you. You can update most information directly through your account settings, or contact us for assistance.

Article 17

Right to Erasure

Request the deletion of your personal data, also known as the "right to be forgotten." We will erase your data unless we have a legitimate legal obligation to retain it.

Article 18

Right to Restrict Processing

Limit how we process your data in certain circumstances, such as when you contest the accuracy of your data or object to processing based on legitimate interests.

Article 20

Right to Data Portability

Receive your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) and transmit it to another controller without hindrance.

Article 21

Right to Object

Object to the processing of your personal data when it is based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds.

Article 22

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

03

Legal Bases for Processing

We process your personal data only when we have a valid legal basis under Article 6 of the GDPR. The following legal bases apply to our processing activities.

Contract Performance

Processing necessary to provide you with the Axia CRM services you have signed up for, including account management, CRM features, pipeline management, and customer support.

Legitimate Interests

Processing necessary for our legitimate business interests, such as improving our services, ensuring platform security, preventing fraud, and conducting analytics to enhance user experience.

Consent

Processing based on your explicit consent, such as receiving marketing communications, newsletters, and promotional materials. You may withdraw consent at any time.

Legal Obligations

Processing required to comply with applicable laws and regulations, including tax obligations, financial reporting, anti-money laundering requirements, and regulatory compliance.

04

Data Processing Agreement (DPA)

For Enterprise customers, Axia CRM provides a comprehensive Data Processing Agreement (DPA) that governs the processing of personal data on your behalf. Our DPA is fully compliant with GDPR requirements under Article 28.

Detailed description of processing activities and sub-processors
Technical and organizational security measures (Article 32)
International data transfer mechanisms including Standard Contractual Clauses
Data breach notification procedures within 72 hours
Audit rights and compliance verification provisions
Data return and deletion obligations upon termination
Request DPA — dpa@axia.crm
05

Sub-Processors

We engage the following third-party sub-processors to assist in providing our services. Each sub-processor is bound by data processing agreements ensuring GDPR-compliant handling of personal data.

Sub-ProcessorPurposeLocation
Cloudflare
Infrastructure, CDN, DDoS protection, edge computingUS / EU
Vonage
VoIP telephony, call recording, power dialer servicesUS / EU
Mailgun
Transactional and marketing email deliveryUS / EU
06

International Data Transfers

When personal data is transferred outside the European Economic Area (EEA), we ensure adequate protections are in place through the following mechanisms.

Standard Contractual Clauses

All international data transfers are governed by EU-approved Standard Contractual Clauses (SCCs) as adopted by the European Commission under Decision 2021/914, ensuring contractual safeguards for personal data transferred outside the EEA.

EU Data Residency

Through our partnership with Cloudflare, we offer EU data residency options via their edge network. This ensures that data processing occurs within the European Union, minimizing cross-border data transfers for EU-based customers.

EU-US Data Privacy Framework

Our data processing activities are conducted in accordance with the EU-US Data Privacy Framework (DPF), providing additional legal certainty for transatlantic data flows as recognized by the European Commission's adequacy decision.

07

Data Protection Officer

Our Data Protection Officer (DPO) oversees our compliance with the GDPR and serves as the primary point of contact for all data protection inquiries. You may contact our DPO directly for any questions regarding the processing of your personal data or the exercise of your rights.

Mailing AddressAxia Technologies
1395 Brickell Ave
Miami, FL 33131
08

How to Exercise Your Rights

Exercising your data protection rights is straightforward. We have designed a simple process to ensure you can control your personal data at all times.

Step 01

Submit Your Request

Send an email to privacy@axia.crm describing which right you wish to exercise. Include sufficient information to verify your identity and specify the data concerned.

Step 02

Response Within 30 Days

We will acknowledge your request promptly and provide a substantive response within 30 days. If the request is complex or numerous, we may extend this period by an additional 60 days, notifying you of the extension and reasons.

Step 03

Free of Charge

The exercise of your rights is provided free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, particularly if repetitive. In such cases, we will inform you of our decision and reasoning.

Contact privacy@axia.crm
09

Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

We encourage you to contact us first at privacy@axia.crm so we can address your concerns directly. However, this does not affect your right to contact a supervisory authority at any time.

A list of EU data protection authorities can be found on the European Data Protection Board website.

Questions About Data Protection?

Our team is here to help with any questions about GDPR compliance, your rights, or how we handle your personal data. Reach out to us at any time.

Contact Privacy TeamContact DPO

Axia Technologies · 1395 Brickell Ave, Miami, FL 33131 · GDPR Compliant