
GDPR Compliance
At RiskCortex Limited, we recognize the importance of protecting personal data and respecting the privacy rights of individuals. Our Agentic AI solutions for regulatory risk compliance in Life Sciences are designed and operated in full compliance with the European Union’s General Data Protection Regulation (GDPR).
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organizations collect, process, store, and transfer personal data of individuals within the European Economic Area (EEA). It aims to give individuals greater control over their personal data and to harmonize data privacy laws across Europe.
Our Commitment to GDPR Compliance
We have implemented robust policies, procedures, and technical measures to ensure that all personal data processed through our Service is handled in accordance with GDPR principles, including:
- Lawfulness, Fairness, and Transparency: We process personal data only on lawful grounds, such as consent, legitimate interest, or contractual necessity, and provide clear information about how data is used.
- Purpose Limitation: Personal data is collected and processed strictly for specified, explicit, and legitimate purposes related to regulatory risk compliance and Service delivery.
- Data Minimization: We limit the collection and processing of personal data to what is necessary to fulfill the intended purposes.
- Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date.
- Storage Limitation: Personal data is retained only for as long as necessary to meet legal, regulatory, or contractual obligations.
- Integrity and Confidentiality: We employ state-of-the-art security measures, including encryption, access controls, and regular security audits, to protect personal data from unauthorized access, alteration, or destruction.
- Accountability: We maintain detailed records of data processing activities and conduct regular GDPR compliance assessments.
Data Subject Rights
Under GDPR, individuals whose personal data we process have the following rights, which we support and facilitate:
- Right to Access: Individuals can request confirmation of whether their personal data is processed and obtain a copy of that data.
- Right to Rectification: Individuals can request corrections to inaccurate or incomplete personal data.
- Right to Erasure (“Right to be Forgotten”): Individuals can request deletion of their personal data under certain circumstances.
- Right to Restrict Processing: Individuals can request the limitation of processing their personal data.
- Right to Data Portability: Individuals can receive their personal data in a structured, commonly used format and transfer it to another controller.
- Right to Object: Individuals can object to processing based on legitimate interests or for direct marketing purposes.
- Rights Related to Automated Decision-Making: Given our use of AI, we ensure meaningful human oversight and provide mechanisms for individuals to challenge automated decisions where applicable.
Data Processing and Transfers
- Data Controller and Processor Roles: We clearly define roles and responsibilities regarding personal data. Typically, our customers act as data controllers, determining the purposes and means of processing, while we act as a data processor, processing data on their behalf.
- Data Processing Agreements (DPA): We provide DPAs to our customers outlining GDPR obligations and commitments.
- International Data Transfers: When personal data is transferred outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other approved mechanisms.
Security Measures
We adopt a defense-in-depth approach to security, including:
- Encryption of data at rest and in transit
- Role-based access controls and multi-factor authentication
- Regular vulnerability assessments and penetration testing
- Incident response and breach notification procedures aligned with GDPR timelines
Training and Awareness
Our team undergoes regular GDPR and data privacy training to maintain awareness of compliance obligations and best practices.
How to Contact Us
If you have any questions about how we handle personal data or wish to exercise your GDPR rights, please contact our Data Protection Officer (DPO) at:
Phone
Office
Guinness Enterprise Center
Taylor's Ln, The Liberties, Dublin 8, D08 YPP9
Republic of Ireland