Privacy Policy

Last updated: March 2026  ·  Scanlex  ·  contact@scanlex.eu

1. Who We Are

Scanlex is a specialist EU AI Act and cross-regulatory compliance consultancy operating across the European Union. For the purposes of GDPR, Scanlex acts as the data controller in respect of personal data submitted through this website.

Scanlex Ltd
Registration number: 14232412
Registered address: Tornimäe tn 5, Kesklinna linnaosa, Tallinn, Harju maakond, 10145, Estonia, EU
Contact: contact@scanlex.eu

2. What Personal Data We Collect

We collect personal data only when you voluntarily submit it through the contact or enquiry forms on this website. This includes:

• Full name
• Business email address
• Company name
• Your role / job title
• Your industry sector
• Service of interest
• Any information you include in the free-text message field

We do not collect sensitive personal data (special categories under GDPR Article 9) through this website. We do not use tracking pixels, advertising networks, or behavioural profiling tools.

3. Legal Basis for Processing

Purpose	Legal Basis (GDPR Article 6)
Responding to your enquiry and arranging the initial scoping call	Art. 6(1)(b) — performance of a contract / pre-contractual steps at your request
Sending you information relevant to your stated compliance interests	Art. 6(1)(f) — legitimate interests (you have contacted us for professional advice)
Complying with legal obligations applicable to our business	Art. 6(1)(c) — compliance with legal obligation

4. How We Use Your Data

We use the information you submit to:

• Respond to your enquiry within one business day
• Arrange and conduct the complimentary scoping call
• Provide the compliance advisory services you have requested
• Send relevant updates about EU AI Act regulatory developments where you have indicated interest

We do not use your data for automated decision-making or profiling. We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Retention

If no engagement proceeds following initial contact, we retain your submitted data for a maximum of 12 months, after which it is securely deleted. If an engagement proceeds, we retain data for the duration of the engagement plus 6 years in accordance with applicable professional and legal obligations.

6. Third Parties and Data Transfers

We do not transfer your personal data to third countries outside the European Economic Area without appropriate safeguards. Where we use service providers (such as email hosting), we ensure they are GDPR-compliant and bound by appropriate data processing agreements.

7. Your Rights Under GDPR

You have the following rights in respect of your personal data:

• Right of access — request a copy of the personal data we hold about you (Article 15)
• Right to rectification — request correction of inaccurate data (Article 16)
• Right to erasure — request deletion of your data in certain circumstances (Article 17)
• Right to restrict processing — request limitation of processing in certain circumstances (Article 18)
• Right to data portability — receive your data in a structured, machine-readable format (Article 20)
• Right to object — object to processing based on legitimate interests (Article 21)
• Right to withdraw consent — where processing is based on consent, you may withdraw at any time

To exercise any of these rights, contact us at contact@scanlex.eu. We will respond within 30 days.

8. Complaints

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with your national supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

9. Cookies

Please see our Cookie Policy for full information on how we use cookies on this website.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The date of the most recent revision is shown at the top of this page. Continued use of this website following any update constitutes acceptance of the rev