ComplyLog ComplyLog

Privacy Policy

1.  INTRODUCTION

This privacy policy explains how ComplyLog by Euronext and Euronext Corporate Services Finland Oy (“ComplyLog”, “we”, “our”, or “us”) collects, uses, shares, and protects your personal data in its role as a Data Controller. It applies when you visit or interact with our website, use our web-based services, or engage directly with ComplyLog through our digital channels. In cases where ComplyLog acts as a Data Processor, such as when processing personal data on behalf of our clients, the applicable privacy statement will be provided on the relevant platform or service environment.

ComplyLog by Euronext is a brand owned by Euronext Corporate Solutions Sweden AB, a company located at Holländargatan 17, 111 60 Stockholm, Sweden, an affiliated company of Euronext Corporate Solutions and the Euronext N.V. Group. For certain services, including LiabilityLog, ComplyLog is represented by ECS Finland Oy (Business ID: 2700662-1, c/o Azets Insight Oy – 2700662-1 A, PB 15, 80020 KOLLEKTOR SCAN, Finland), which supports operational implementation of the ComplyLog services. Euronext N.V. is a Dutch company located at Beursplein 5, 1012 JW, Amsterdam, the Netherlands.

Our services are primarily provided on a contractual basis to corporate subscribers. As an individual user, you are entitled to use our services based on the terms agreed with the relevant corporate subscriber. We also collect personal data from non-users when you sign up for a demo.

ComplyLog is a global company offering services to users and customers worldwide. This policy has been created in accordance with the EU General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, and other applicable data protection laws. Euronext Corporate Solutions Sweden AB is committed to ensuring that personal data is handled securely and responsibly, in compliance with data protection legislation.

This policy outlines how ComplyLog uses, transfers, and stores the personal data we collect from individuals (“Users”) when they access our website, use our Products, or otherwise submit their personal data to us. By using any of the ComplyLog Products and/or agreeing to the terms and conditions, you acknowledge and accept the practices described in this privacy policy. Please take a moment to read this document carefully.

When we refer to ComplyLog, “we” or “us” in this policy, we are referring to Euronext Corporate Solutions Sweden AB and its affiliates, together with, as applicable, the ComplyLog Products.

ComplyLog products

ComplyLog provides digital compliance tools to help companies meet regulatory obligations under EU laws, including the Market Abuse Regulation and the EU Whistleblowing Directive. Our product suite includes:

  • InsiderLog – Automates the creation and management of insider lists in line with MAR requirements.
  • TradeLog – Facilitates approval workflows and monitoring of employee trading activities.
  • IntegrityLog – Enables secure, anonymous whistleblowing in accordance with EU legislation.
  • LiabilityLog – Supports registration of personal liability in compliance with Finnish municipal law.

These tools help organizations reduce regulatory risk, ensure timely and accurate reporting, and streamline internal compliance processes.

Please refer to the Glossary for definitions of key terms used in this privacy policy.

This Privacy Policy was last updated in June 2025.

Table of contents

  1. INTRODUCTION.. 1
  2. IMPORTANT INFORMATION AND WHO WE ARE.. 4

2.1 Purpose and scope. 4

2.2 Controller /processor 4

2.3 Contact details. 5

2.4 UK Representative. 5

2.5 Changes to the privacy policy and your duty to inform us of changes. 5

  1. The data we collect about you. 5

3.1 Personal data we collect 5

3.2 If you choose not to provide personal data. 7

  1. How is your personal data collected?. 7
  2. How we use your personal data. 8
  3. Cookies and tracking technologies. 9
  4. Job applicants. 11
  5. Disclosure of your personal data and international transfers. 11

6.1 Group sharing. 11

6.2 Disclosure to third parties. 12

6.3 Safeguards and responsibilities. 12

6.4 Links to third-party websites and external platforms. 12

6.5 Social media. 12

  1. Data Security and confidential information. 13
  2. Data Retention. 13
  3. Your Rights. 14

9.1 No fee usually required. 15

  1. Updates to this Statement 15
  2. Annexes. 16

Annex 1 – Glossary of used terms. 16

2.  IMPORTANT INFORMATION AND WHO WE ARE

2.1 Purpose and scope

This privacy policy applies to personal data collected in the following scenarios:

  • When you visit or interact with our website
  • When you communicate with us (via email, phone, or contact forms)
  • When you attend webinars, events, or training sessions hosted by ComplyLog
  • When we manage our contractual relationship with clients, vendors, or partners, including invoicing, support, and account administration

As the Data Controller, ComplyLog determines the purposes and means of processing your personal data in these scenarios. This means that we are responsible for how and why your data is collected, used, and stored, and we ensure compliance with the applicable data protection laws and regulations, including the GDPR.

2.2 Controller /processor

As the Data Controller, ComplyLog determines the purposes and means of processing your personal data. This means we are responsible for how and why your data is collected, used, and stored.

For the purposes of this privacy policy, “ComplyLog” refers collectively to both Euronext Corporate Solutions Sweden AB (which manages the majority of ComplyLog services) and, for certain services (such as LiabilityLog), Euronext Corporate Services Finland Oy, which acts as an additional Data Controller and oversees operational implementation of those services.

The personal data we collect will be processed in accordance with this privacy policy and applicable data protection laws.In some cases, ComplyLog may act as a Data Processor. This occurs when we process personal data on behalf of a corporate subscriber or client, as part of the services we provide to them. In these situations, the corporate subscriber or client is the Data Controller, meaning they determine the purposes and means of processing the data. ComplyLog may use data related to Controller’s use of the Software for the purpose of service development and statistics.  ComplyLog processes the data strictly in accordance with their instructions and applicable data processing agreements.

Examples of when ComplyLog acts as a Data Processor:

  • When a client provides personal data to ComplyLog to facilitate access to ComplyLog Products (e.g., InsiderLog).
  • When ComplyLog is engaged to process data related to compliance and regulatory obligations on behalf of the corporate subscriber.

If you have any questions regarding whether ComplyLog is acting as a Data Processor or Data Controller in relation to your personal data, please refer to the privacy statement provided on the relevant platform or service.

We have appointed a Data Protection Officer (DPO) to oversee compliance and privacy-related matters. If you have any questions about this Privacy Policy or would like to exercise your rights, please contact the DPO using the contact details provided below.

2.3 Contact details

If you have any questions about this Privacy Policy or how ComplyLog processes your personal data, you can contact us using the details below:

  • Full legal entity name: Euronext Corporate Solutions Sweden AB (owner of the ComplyLog brand)
  • Company registration: Registered in Sweden under company number 559141-7083 (Swedish Companies Registration Office)
  • Registered office address: Holländargatan 17, 111 60 Stockholm, Sweden
  • Email address: ecs@euronext.com

2.4 UK Representative

For individuals in the UK, our appointed representative is:

Company name: ECS UK
Company registration number: Z9612769
Email address: dpo.ecs@euronext.com

2.5 Changes to the privacy policy and your duty to inform us of changes

This version was last updated on the date stated at the beginning of this privacy policy. We reserve the right to amend this privacy policy from time to time as required to ensure its accuracy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

3.  The data we collect about you

3.1 Personal data we collect

Personal data, or personal information, refers to any data relating to an identified or identifiable natural person. This includes data that can directly or indirectly identify you, such as a name, identification number, or location data. Data that has been anonymised so that it cannot be linked back to an individual is not considered personal data under applicable law. For formal definitions, please refer to Annex 1 – Glossary of Terms.

When you visit or interact with the ComplyLog website, use our services directly, or engage with our digital channels, we may collect and process the following categories of personal data in our capacity as a Data Controller:

  • Device and technical information: Information about your browser, device, operating system, and other technical identifiers, such as IP address and cookies. This data is collected through analytics tools, cookies, and log files to monitor site performance and enhance the user experience.
  • Contact and professional information: When you fill in a contact form, request a demo, sign up for a newsletter or event, or download content, we may collect your name, email address, phone number, job title, and company name.
  • Usage data: Data on how you interact with our website, including pages visited, time spent, click behaviour, and referring URLs. This information may be collected via tracking tools such as cookies and pixels.
  • Marketing preferences: If you consent to receive marketing communications, we collect your preferences and track engagement with emails (e.g., opens and clicks) to improve relevance and performance.
  • Professional and financial data: In some contexts—such as support processes or contract management—we may collect information related to your company affiliation, role, and basic contract-related data.
  • Data sources: We may collect personal data directly from you or receive it through third-party platforms, integration tools, or publicly available sources (e.g., LinkedIn or business databases), where legally permitted.
  • Service development: We may use personal data for the purposes of enhancing our services, improving platform functionality, conducting statistical analysis, and bettering user experience.
  • Data collected from corporate subscribers: In some cases, personal data about individuals working with our corporate subscribers may be collected, including name, job title, email address, and role within the organization.

We do not collect special categories of personal data, such as health-related information, racial or ethnic origin, religious or philosophical beliefs, trade union membership, or sexual orientation.

This personal data is collected and processed for purposes such as responding to inquiries, delivering requested services or information, improving our platforms, and conducting direct B2B marketing in accordance with applicable data protection legislation. All processing is governed by our internal Records of Processing Activities (ROPA) and data governance protocols.

Aggregated and anonymised Data

We may use aggregated or anonymised data (such as traffic reports or usage trends) for analytical and internal reporting purposes. This data does not identify you and is not considered personal data under data protection law. For example, we may use aggregated analytics to assess how many visitors access a particular page.

If we ever combine anonymised or aggregated data with information that could identify you, we will treat the combined data as personal data and handle it in line with this privacy policy.

3.2 If you choose not to provide personal data

In cases where we need to collect personal data by law or to fulfil a specific request (e.g. contacting you after a demo request), and you choose not to provide that information, we may be unable to respond to your request or provide certain features of the website. We will inform you at the time if this is the case.

4.  How is your personal data collected?

ComplyLog collects personal data through several methods, depending on how you interact with our website or engage with our services. In our role as a Data Controller, we may collect personal data through the following channels:

  • Direct interactions: You may provide personal data directly by completing forms on our website—such as requesting a demo, downloading resources, signing up for a ComplyLog hosted event or webcast, or contacting us via phone or email. This typically includes your name, email address, phone number, job title, and company name.
  • Event and webcast participation (hosted by ComplyLog): When you register for or attend an event or webinar organised by ComplyLog, we may collect data such as registration details, attendance records, poll responses, chat inputs, and feedback submissions. This information helps us manage the event, follow up with participants, and improve future sessions.
  • Automated technologies and analytics: As you browse our websites or use our digital services, we may automatically collect technical data using cookies, pixels, server logs, and similar technologies. This includes your IP address, browser type, device information, session duration, referring URLs, and interaction patterns on the site. Personal identifiers are collected only where you have given consent; otherwise, data is anonymised or aggregated.
  • Third-party and public sources: We may enrich our data using information obtained from:
    • Registration and feedback tools used for ComplyLog hosted events
    • CRM and communication platforms used for client engagement
    • Lead generation and marketing providers
    • Publicly available sources such as LinkedIn or company websites
  • Contractual and business engagements: In the context of establishing or managing contractual relationships, ComplyLog may collect and process personal data as a Data Controller. This includes:
    • Contact details such as names, job titles, business email addresses, and phone numbers of individuals representing current or prospective clients, suppliers, or partners;
    • Information related to the negotiation, signing, and administration of contracts;
    • Data necessary for billing, support, or customer account management;
    • Records maintained to comply with legal, tax, or regulatory obligations (e.g. audit logs, due diligence documentation).

This data is processed to facilitate business operations, fulfil contractual obligations, and ensure compliance with applicable legal requirements.

5.  How we use your personal data

ComplyLog processes personal data only where permitted under applicable data protection legislation, including the GDPR and the UK GDPR. When you visit our website, engage with our content, register for events, request information, or otherwise interact directly with us, ComplyLog acts as a Data Controller, determining the purposes and means of processing your personal data.

We rely on several legal bases for processing, depending on the context of the interaction:

Legal Basis Purpose of Processing
Consent Where required, we rely on your explicit consent to process personal data for specific purposes. You may withdraw your consent at any time. This may include:

 

·       Sending newsletters, product updates, and event invitations;

·       Placing non-essential cookies or tracking technologies on your device.
Legal obligations In limited cases, we may process personal data to comply with legal or regulatory requirements. This may include:

 

·       Maintaining records for financial, audit, or compliance purposes;

·       Responding to lawful requests from public authorities;

·       Safeguarding legal claims or ensuring regulatory compliance.
Legitimate interests We process personal data to support our legitimate business interests, provided these do not override your fundamental rights and freedoms. This may include:

 

·       Improving our website functionality and user experience;

·       Analysing website traffic and visitor engagement using cookies and analytics tools;

·       Responding to inquiries, demo requests, and content downloads;

·       Conducting internal reporting and marketing performance analysis;

·       Identifying potential business leads through B2B marketing tools;

·       Enriching business contact data from public or third-party sources;

·       Running targeted advertising campaigns (where legally allowed).
Performance of a contract We process personal data where necessary to enter into or fulfil a contract with you or the organisation you represent. This may include:

 

·       Managing business relationships and client communications;

·       Providing access to requested services or features;

·       Issuing invoices, administering agreements, and delivering support;

·       Processing data necessary to formalise or renew service contracts.
Profiling or automated decision-making ComplyLog does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals. Any segmentation or analysis is used solely to improve service delivery or marketing relevance and is not used to make decisions that affect individual rights.

5.1    Cookies and tracking technologies

The ComplyLog website uses cookies to distinguish you from other users, enhance your experience, and help us analyse and improve the platform. Cookies also allow us to personalise content and understand how users interact with the website.

Cookies used on the website are categorised as follows:

  • Strictly necessary cookies – Essential for the core functionality of the Portal.
  • Functional cookies – Used to enhance features and personalise your experience.
  • Performance cookies – Help us measure traffic and usage to improve performance.
  • Targeting cookies – May be used to deliver relevant content or advertisements, where applicable.

You can manage your cookie preferences through your browser settings. You may choose to refuse some or all cookies or set your browser to alert you when cookies are being used. Please note that disabling certain cookies may affect the availability or functionality of parts of the website.

Duration of cookies:

The duration for which cookies remain on your device depends on the type of cookie. Session cookies are temporary and expire once you close your browser, while persistent cookies remain on your device for a longer period (usually ranging from a few days to two years) unless deleted. You can manage the duration of cookie storage and delete cookies at any time by following the browser-specific cookie removal instructions provided earlier in this policy.

Third-Party cookies

We also use third-party cookies for various purposes:

Third Parties Purposes
HubSpot Functional and Analytics
Segment Analytics
Leadfeeder Analytics
Google Analytics Analytics
Google Adwords Advertising
LinkedIn Advertising
Microsoft Ads Advertising

Cookie removal instructions

As part of our commitment to privacy and compliance with the GDPR, we provide the following information on how to remove cookies from your browser:

Google Chrome:

  1. Open Chrome and click on the three-dot menu icon in the top-right corner.
  2. Select “Settings” from the drop-down menu.
  3. Under the “Privacy and security” section, click on “Clear browsing data.”
  4. Select the time range for which you want to remove cookies.
  5. Check the box next to “Cookies and other site data.”
  6. Click on the “Clear data” button to remove the cookies.

Mozilla Firefox:

  1. Open Firefox and click on the menu button (three horizontal lines) in the top-right corner.
  2. Select “Settings” from the menu.
  3. In the left sidebar, click on “Privacy & Security.”
  4. Under the “Cookies and Site Data” section, click on the “Clear Data” button.
  5. Check the box next to “Cookies and Site Data.”
  6. Click on the “Clear” button to remove the cookies.

Safari:

  1. Open Safari and click on “Safari” in the top menu.
  2. Select “Settings” from the drop-down menu.
  3. In the Preferences window, click on the “Privacy” tab.
  4. Click on the “Manage Website Data” button.
  5. In the new window, select the website(s) for which you want to remove cookies.
  6. Click on the “Remove” button, then click “Done” to confirm.

Please note that the above instructions may vary slightly depending on the browser version you are using. If you are using a different browser, we recommend referring to the browser’s documentation or support website for specific instructions.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dpo.ecs@euronext.com.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Cookies consent and preferences:

When you first visit the ComplyLog website, you will be prompted with a cookie banner that allows you to manage your cookie preferences. You can choose to accept or reject non-essential cookies such as performance and targeting cookies. If you accept these cookies, you are giving your explicit consent for ComplyLog to process your personal data as described in this privacy policy.

You have the right to change your cookie preferences at any time by accessing the “cookie settings” on our website. Please note that rejecting certain cookies may affect the functionality of some parts of the website and services.

7.  Job applicants

The personal data you provide as part of a job application (e.g., CV, cover letter, and other application-related materials) is processed in accordance with the applicable privacy policy of Euronext Corporate Solutions. We collect, use, and protect this data to assess your qualifications, communicate with you regarding job opportunities, and comply with legal requirements.

For detailed information on how we collect, use, and protect your personal data during the recruitment process, please refer to the specific Euronext Corporate Solutions privacy policy.

8.  Disclosure of your personal data and international transfers

Personal data processed by ComplyLog may be stored on secure servers located within the European Economic Area (EEA). In certain cases, personal data may be transferred outside the EEA, the United Kingdom (UK), or Switzerland. When such transfers occur, ComplyLog ensures that appropriate safeguards are in place in accordance with applicable data protection laws. These safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • The UK International Data Transfer Agreement (IDTA);
  • Adequacy decisions issued by the European Commission or relevant UK authority.
  • Participation in recognised data transfer frameworks, such as:
    • The EU-U.S. Data Privacy Framework
    • The UK Extension to the EU-U.S. Data Privacy Framework
    • The Swiss-U.S. Data Privacy Framework

Euronext US Inc. and relevant subsidiaries are certified under these frameworks where applicable.

6.1 Group sharing

We may disclose your personal data to other entities within the Euronext N.V. group, of which ComplyLog is a subsidiary, for internal administrative, compliance, and operational purposes.

6.2 Disclosure to third parties

We may also disclose your personal data to trusted third parties in limited circumstances and for purposes aligned with the services we provide. These include:

  • Regulatory authorities or law enforcement agencies, where required by law
  • Third-party service providers who support us with IT infrastructure, hosting, analytics, support, and communication tools
  • Third parties involved in financial market activities, events, or training sessions organised in collaboration with ComplyLog.
  • Professional advisers, including legal, tax, compliance, and accounting consultants.
  • Prospective buyers or business partners in connection with a potential merger, acquisition, or corporate restructuring

6.3 Safeguards and responsibilities

We require all third parties to respect the security and confidentiality of your personal data and to process it in accordance with applicable data protection laws. Third-party service providers are not permitted to use your personal data for their own purposes and may only process it on our instructions and for the specified purposes set out in our agreements with them.

6.4 Links to third-party websites and external platforms

The ComplyLog website may contain links to external websites or services. This privacy policy does not apply to those third parties, and ComplyLog is not responsible for their data processing practices. We encourage you to review their privacy policies.

Additionally, ComplyLog may use external tools and platforms operated by third parties—for example, to collect customer feedback, reviews, or provide comparison services. When you interact with these tools (such as leaving a review), the processing of your personal data is governed by the privacy policy of the respective third-party provider. ComplyLog is not responsible for how those parties handle your data, and we recommend that you consult their privacy statements before submitting any personal information.

6.5 Social media

If you share content from the ComplyLog website via social media, your personal data may become visible to others based on your privacy settings on those platforms. ComplyLog is not responsible for the processing of your data by such platforms.

7. Data Security and confidential information

ComplyLog is committed to protecting your personal data and has implemented appropriate technical and organisational measures to safeguard it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

Euronext Corporate Solutions Sweden AB is certified under ISO/IEC 27001:2013 (information security management), ensuring that your data is handled in accordance with internationally recognised standards.

To protect personal data, ComplyLog applies robust security controls, including:

  • Secure servers and firewall protection to prevent unauthorised access to the platform and customer data.
  • Encryption of data where applicable, including during certain data transmissions
  • Restricted, role-based access controls ensuring that only authorised personnel with a business need can access personal data.
  • Regular security audits, assessments, and monitoring to identify risks and maintain certification requirements.

In addition, we have procedures in place to deal with any suspected personal data breaches. Where legally required, we will notify affected individuals and relevant data protection authorities without undue delay.

Please note that while ComplyLog takes reasonable steps to secure your data, the transmission of data over the internet is never completely secure. For example, email and other external communications are not encrypted. We strongly advise you not to send sensitive personal information (such as bank or credit card details) via email. By choosing to use email or other unencrypted methods, you acknowledge the potential risk of interception by third parties and accept that ComplyLog is not responsible for any resulting loss or damage.

8. Data Retention

ComplyLog will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to respond to your inquiries, manage communications, improve our website, or comply with legal and regulatory obligations.

When determining how long to retain your data, we consider:

  • The nature, sensitivity, and volume of the personal data
  • The potential risk of harm from unauthorised access or disclosure
  • The specific purpose for which we collected the data and whether that purpose can still be achieved.
  • Legal, regulatory, or contractual retention obligations that may apply.

If you have an active business relationship with ComplyLog, retention periods may be extended as needed to meet contractual or legal obligations.

You may request the deletion of your personal data at any time, subject to our legal obligations. For more information, please see section 9 on your rights.

9. Your Rights

As a data subject, you have certain rights under applicable data protection laws in relation to the personal data we process about you. These rights are not absolute and may be subject to limitations or exemptions under relevant law.

The table below outlines your key rights:

Right What it means
Right to be informed You have the right to be informed about how we collect, use, and store your personal data, including your rights in relation to that data.
Right of access You may request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.
Right to rectification You can ask us to correct any inaccurate or incomplete personal data we hold about you.
Right to erasure In certain circumstances, you may request the deletion of your personal data. You may also have the right to provide post-mortem instructions regarding the handling of your personal data after your death, where this is provided under applicable law (e.g. French data protection law). ComplyLog will comply with such instructions where legally required.
Right to restrict processing You may request that we restrict the use of your personal data in specific cases, such as when you contest its accuracy or object to our use of it. During restriction, we may store your data but not process it further.
Right to object Where we process your personal data based on legitimate interests, you have the right to object. We will stop the processing unless we demonstrate compelling legitimate grounds to continue.
Right to data portability Where processing is based on your consent or a contract with you, you may request to receive your personal data in a structured, commonly used, machine-readable format or to have it transferred to another controller, where technically feasible.

You may exercise your rights by contacting us through one of the following methods:

  • Contacting the Euronext Data Protection Officer: dpo.ecs@euronext.com
  • By post:
    Euronext Corporate Solutions Sweden AB
    Attn. Data Protection Officer
    14, place des Reflets – CS30064
    92054 Paris la Défense.

We may request proof of identity to verify your request in line with our internal procedures.

Supervisory Authorities

You also have the right to lodge a complaint with the competent supervisory authority. We encourage you to contact us first to allow us the opportunity to address your concerns.

Contact details of data protection authorities in jurisdictions where ComplyLog is active:

9.1 No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

10. Updates to this Statement

This Privacy Statement may be updated from time to time. The latest version will always be available on our website. We encourage you to review it periodically

11. Annexes

Annex 1 – Glossary of used terms

Term Definition
Anonymised data Data that has been processed in such a way that it can no longer be used to identify an individual, either directly or indirectly. Anonymised data is no longer considered personal data under data protection laws and is not subject to GDPR requirements.
Compliance with a legal obligation Processing is necessary to comply with a legal or regulatory obligation to which ComplyLog or a corporate subscriber is subject.
Consent Your freely given, specific, informed, and unambiguous indication (e.g. via opt-in or checkbox) that you agree to the processing of your personal data for a specific purpose, such as receiving marketing communications. You have the right to withdraw your consent at any time.
Controller A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means are determined by Union or Member State law, the controller or the criteria for its nomination may be provided by such law.
Cookie A small text file stored on a user’s device by a website or application, often containing an online identifier or other browsing data used for functionality, analytics, or tracking purposes.
Data Protection Authority (DPA) An independent public authority that is responsible for monitoring the application of data protection laws, handling complaints, and enforcing compliance.
Data subject An identified or identifiable natural person to whom personal data relates.
Lawful basis The legal grounds under data protection laws that allow the processing of personal data. These include legitimate interest, performance of a contract, compliance with a legal obligation, and consent.
Legitimate interest Processing is necessary for the purposes of the legitimate interests pursued by ComplyLog or a third party, provided those interests are not overridden by your rights and interests. This includes, for example, internal administrative purposes or ensuring platform security. We always balance our interests with your rights before relying on this basis.
Performance of a contract Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. This also applies where we process data on behalf of your employer or a corporate subscriber under a service contract.
Personal data Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
Processing Any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, erasure, or destruction.
Processor A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.
Pseudonymised data Personal data that has been processed so that it can no longer be attributed to a specific individual without additional information (e.g. a key). Pseudonymised data is still considered personal data under the GDPR and must be protected accordingly.
Third country A country outside the European Economic Area (EEA). Transfers of personal data to third countries are subject to specific safeguards under the GDPR, such as Standard Contractual Clauses, adequacy decisions, or other mechanisms to ensure an adequate level of protection.