This notice fulfils Scanlex's transparency obligations under Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (GDPR). It describes how we process personal data in connection with our website and compliance advisory services.
The data controller for personal data processed through this website and in connection with Scanlex advisory engagements is:
Scanlex Ltd
Registration number: 14232412
Registered address: Tornimäe tn 5, Kesklinna linnaosa, Tallinn, Harju maakond, 10145, Estonia, EU
Email: contact@scanlex.eu
Website: scanlex.eu
| Data category | Examples | Source |
|---|---|---|
| Contact and identification data | Name, email, company, job title | Provided by you via contact forms |
| Professional context data | Industry sector, service interest, compliance situation | Provided by you via contact forms |
| Engagement data | Correspondence, deliverables, meeting notes | Generated during service delivery |
| Technical data | IP address, browser type (server logs only) | Automatically collected on site visit |
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to enquiries and arranging scoping calls | Art. 6(1)(b) — pre-contractual steps |
| Delivering compliance advisory services | Art. 6(1)(b) — performance of contract |
| Sending regulatory updates relevant to your stated interests | Art. 6(1)(f) — legitimate interests |
| Maintaining records for legal and professional obligations | Art. 6(1)(c) — legal obligation |
| Improving our services based on engagement experience | Art. 6(1)(f) — legitimate interests |
| Data type | Retention period |
|---|---|
| Enquiry data where no engagement proceeds | 12 months from initial contact |
| Engagement data (correspondence, deliverables) | Duration of engagement + 6 years |
| Financial records (invoices, payments) | 7 years (legal obligation) |
| Server log technical data | 30 days (automatic deletion) |
Request a copy of all personal data we hold about you, including the purposes and recipients.
Request correction of inaccurate or incomplete personal data without undue delay.
Request deletion of your data where it is no longer necessary or processing is unlawful.
Request that we limit processing of your data in certain defined circumstances.
Receive your data in a structured, machine-readable format where technically feasible.
Object to processing based on legitimate interests, including direct marketing.
To exercise any right, contact us at contact@scanlex.eu. We will respond within 30 days. We may ask you to verify your identity before processing your request. There is no fee for exercising your rights.
We do not subject any individual to automated decision-making or profiling as defined under GDPR Article 22. All decisions made in connection with our services involve human review.
We do not transfer personal data to countries outside the European Economic Area (EEA) except where adequate safeguards are in place (such as EU Standard Contractual Clauses) and we have assessed transfer impact appropriately. Where we use service providers based outside the EEA, we ensure GDPR-compliant data processing agreements are in place.
We implement appropriate technical and organisational measures to protect personal data against accidental loss, destruction, alteration, unauthorised disclosure, or access. These include encrypted communication channels, access controls, and secure data storage. We review our security measures regularly.
If you believe we have processed your personal data unlawfully or in breach of your rights, you have the right to lodge a complaint with your national data protection supervisory authority. A full list of EU supervisory authorities is available at edpb.europa.eu.
We encourage you to contact us first at contact@scanlex.eu so we can attempt to resolve any concern directly.
We review and update this GDPR Notice regularly. The date of the most recent update is shown at the top of this page. Material changes will be communicated to existing clients by email where appropriate.