Last updated: April 2025

At Gexzen, data protection and privacy are fundamental to how we operate. This page outlines our commitment to complying with the General Data Protection Regulation (GDPR) and explains how we handle personal data responsibly and lawfully.

1. Our Commitment to GDPR

Gexzen is committed to processing personal data in accordance with GDPR principles, including:

• Lawfulness, fairness, and transparency

• Purpose limitation

• Data minimization

• Accuracy

• Storage limitation

• Integrity and confidentiality

We apply these principles across all our data collection, processing, and delivery practices.

2. Role Under GDPR

Under GDPR, Gexzen may act as:

• Data Processor — when processing personal data on behalf of clients to deliver custom B2B lead lists

• Data Controller — for personal data related to our own business operations (e.g., website inquiries, customer communications)

3. Lawful Basis for Processing

We process personal data under the following lawful bases, as applicable:

• Legitimate Interest — for B2B data processing related to professional contact information

• Contractual Necessity — to deliver services requested by our clients

• Legal Obligation — where required by applicable laws

We do not process sensitive personal data.

4. Types of Data We Process

Personal data processed by Gexzen may include:

• Business contact details (name, job title, company)

• Professional email addresses

• Publicly available business information

All data is collected from lawful and publicly accessible sources or provided by clients.

5. Data Subject Rights

In accordance with GDPR, individuals may have the right to:

• Access their personal data

• Request correction of inaccurate data

• Request deletion or restriction of processing

• Object to processing based on legitimate interest

Requests can be submitted via email and will be handled in accordance with GDPR timelines.

📧 contact@gexzen.com