RobotX Data Privacy Statement

Version 1.1

1. Introduction

RobotX B.V. (“RobotX”, “we”, “our”, or “us”) is committed to protecting the privacy and security of personal data. This Data Privacy Statement explains how RobotX collects, uses, stores, and protects personal data in the course of its business activities, including the operation of our website www.robotx.com, related communications, and the provision of our software and services.

RobotX acts as a data controller when determining the purposes and means of processing personal data (for example, in marketing, recruitment, or client communications), and as a data processor when processing data on behalf of customers within the RobotX platform.

This Statement is intended to satisfy the transparency obligations under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable privacy laws.

2. Data controller details

RobotX B.V.
Statenweg 204, 3033 JA Rotterdam, The Netherlands
Registered with the Dutch Chamber of Commerce (KvK) under number 67741061
Email: info@robotx.eu

3. Categories of personal data processed

RobotX may process the following categories of personal data:

• Contact details – name, job title, company, email address, telephone number, and postal address.

• Technical and usage data – IP address, browser type, device identifiers, time zone settings, operating system, and interaction data collected via cookies or analytics.

• Customer account and service data – information uploaded, generated, or processed by users of the RobotX platform in the context of a customer engagement.

• Communication data – correspondence, feedback, and enquiry details submitted via forms, email, or other means.

• Recruitment data – CVs, references, and other details provided during job applications (where applicable).

4. Purposes of processing

Personal data is processed for the following purposes:

1. To operate and maintain the RobotX website and related digital services;

2. To respond to enquiries and manage relationships with customers, partners, and suppliers;

3. To provide, support, and improve RobotX products and services;

4. To comply with legal or regulatory obligations;

5. To ensure information security, system monitoring, and fraud prevention;

6. To manage marketing communications, subject to applicable consent requirements;

7. To evaluate and recruit potential employees and contractors.

RobotX does not sell, lease, or trade personal data to third parties for marketing purposes.

5. Legal basis for processing

RobotX processes personal data based on one or more of the following legal grounds:

• Performance of a contract – where processing is necessary for the performance of a contract or to take steps prior to entering into a contract;

• Legitimate interests – to operate and improve our services, maintain business relationships, ensure security, and prevent misuse;

• Consent – where individuals have voluntarily provided consent (e.g., cookie preferences or marketing subscriptions);

• Legal obligation – where processing is required to comply with laws or regulations.

6. Data collected via the website

When visiting our website, we use Google Analytics 4 to collect aggregated and anonymised statistical information about visitor interactions. This includes page visits, time on site, browser type, and referring website.
IP addresses are anonymised before being stored by Google.
Google may process data on servers located within or outside the EU in accordance with its privacy policy.

Visitors can manage cookie preferences or disable cookies entirely through browser settings. For further details, see our Cookie Policy.

7. Data obtained from customers

When customers use RobotX software or services, we may process limited personal data contained within uploaded documents, audit evidence, or datasets.
In such cases, RobotX acts as a data processor, and the customer acts as the data controller.
Processing is performed strictly in accordance with the customer’s documented instructions and the terms of a Data Processing Agreement (DPA) executed between RobotX and the customer.

RobotX does not determine the purpose or means of such processing and does not use customer data for any purpose other than delivering and maintaining the contracted service.

8. Data sharing and sub-processors

RobotX may share personal data with trusted third-party service providers who support our operations, such as IT hosting, security, analytics, and communication services.

All third parties engaged by RobotX are bound by written agreements requiring them to process data only in accordance with our instructions and to implement appropriate security and confidentiality measures.

RobotX does not sell or disclose personal data to unauthorised third parties.

A list of current sub-processors is available upon request.

9. International data transfers

Where personal data is transferred outside the European Economic Area (EEA), RobotX ensures adequate protection through:

• The use of EU Standard Contractual Clauses (SCCs); or

• Other safeguards recognised under applicable data protection law.

Transfers are limited to what is strictly necessary for service provision and are subject to ongoing review.

10. Data retention

RobotX retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or regulatory obligations.

Retention periods vary depending on the nature of the data and the context of processing.

When data is no longer required, it is securely deleted or anonymised in accordance with RobotX’s internal data retention and disposal policies.

11. Data security

RobotX implements appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction.
These include:

• Secure cloud infrastructure with Microsoft Azure;

• Encryption of data in transit and at rest;

• Multi-factor authentication and access controls;

• Regular penetration testing and vulnerability assessments;

• Logging and monitoring of system access;

• Employee confidentiality and security awareness training.

12. Data subject rights

Individuals have the following rights under applicable data protection laws:

• The right to access personal data held about them;

• The right to request rectification or deletion of inaccurate or outdated data;

• The right to restrict or object to processing;

• The right to data portability where applicable;

• The right to withdraw consent (where consent was provided);

• The right to lodge a complaint with a supervisory authority.

Requests can be submitted to info@robotx.eu.
RobotX will verify the identity of the requester and respond within the statutory timeframe.

13. Children’s data

RobotX’s services and website are intended for business use and are not directed to children under the age of 18. We do not knowingly collect or process children’s personal data.

14. Changes to this Statement

RobotX may amend this Data Privacy Statement periodically to reflect changes in law, regulation, or operational practices.
The version number and effective date are indicated at the top of this page.
Substantial changes will be communicated through an update on our website.

15. Contact

For questions about this Statement or to exercise your rights, please contact:

Data Protection Officer
RobotX B.V.
Statenweg 204, 3033 JA Rotterdam, The Netherlands
Email: info@robotx.eu

You may also contact the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) if you are not satisfied with our response.