GDPR Compliance

Obsydia Technologies Ltd

Contact: contact@obsydia.tech
Data Protection Officer: support@obsydia.tech

1. Our GDPR Compliance

Obsydia Technologies operates under UK GDPR and Data Protection Act 2018. We maintain comprehensive data processing records, conduct regular compliance audits, and implement privacy by design principles in all our services.

2. Article 17 — Right to Erasure

Your Rights: You can request deletion of your personal data. We will respond within one month and provide confirmation when data has been erased.

Core0 Implementation: Our software provides automated erasure capabilities with cryptographically signed receipts to help you comply with your customers' erasure requests.

3. Article 20 — Right to Data Portability

Your Rights: You can request your data in a structured, machine-readable format for transfer to another provider.

Core0 Implementation: Export functions provide CSV and structured data formats for customer compliance with portability requests.

4. Article 25 — Data Protection by Design

Our Approach: Privacy and security are embedded in all our services from conception. We implement data minimisation, encryption by default, and clear consent mechanisms.

Core0 Architecture: Field-level encryption, tokenisation, and separation of personal data from application databases by design.

5. Article 30 — Records of Processing

Our Records: We maintain detailed processing activity records including purposes, data categories, retention periods, and security measures.

Core0 Audit Trail: Comprehensive audit logs automatically maintain records of all data processing activities for your compliance needs.

6. Article 32 — Security of Processing

Technical Measures: End-to-end encryption, access controls, regular security testing, and incident response procedures.

Organisational Measures: Staff training, clear data handling procedures, regular reviews, and continuous improvement processes.

7. Article 33 & 34 — Breach Notification

We will notify the ICO within 72 hours of becoming aware of any data breach affecting personal data. If the breach poses high risk to individuals, we will also notify affected persons without undue delay.

8. Your Compliance Obligations

When using Obsydia Core0, you remain the data controller for your customers' data. You are responsible for: (a) lawful basis for processing; (b) providing privacy notices; (c) handling data subject requests; (d) conducting impact assessments where required.

9. Data Processing Agreement

Our standard Data Processing Agreement covers our role as a processor for any personal data processed through our services. This includes security measures, sub-processing arrangements, and assistance with compliance obligations.

10. Compliance Support

We provide technical assistance for compliance including audit documentation, security certifications, and guidance on implementing GDPR requirements using our infrastructure.

Last updated: March 2026
Compliant with UK GDPR and Data Protection Act 2018