GDPR Compliance

EntraLock is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, which protects the personal data of individuals in the European Union (EU) and European Economic Area (EEA).

1. Our Role Under GDPR

Depending on the context, EntraLock may act as a data Controller (when determining the purposes and means of processing personal data, e.g., for billing and account management) or a data Processor (when processing personal data on behalf of our customers, e.g., encrypting and routing their communications).

2. Principles of Data Processing

We adhere to the core principles of GDPR, ensuring personal data is:

• Processed lawfully, fairly, and transparently.
• Collected for specified, explicit, and legitimate purposes.
• Adequate, relevant, and limited to what is necessary.
• Accurate and, where necessary, kept up to date.
• Retained only for as long as necessary.
• Processed in a manner that ensures appropriate security.

3. Data Subject Rights

Under GDPR, individuals have the following rights concerning their personal data:

• **Right to Information:** To be informed about the collection and use of their personal data.
• **Right of Access:** To obtain confirmation that their data is being processed and to access that data.
• **Right to Rectification:** To have inaccurate personal data corrected.
• **Right to Erasure ("Right to be Forgotten"):** To have their personal data erased in certain circumstances.
• **Right to Restriction of Processing:** To limit the processing of their personal data.
• **Right to Data Portability:** To receive their personal data in a structured, commonly used, and machine-readable format.
• **Right to Object:** To object to processing based on legitimate interests or direct marketing.
• **Rights related to automated decision-making and profiling.**

To exercise any of these rights, please contact us at sales@entralock.com.

4. Data Security and Breach Notification

We implement state-of-the-art security measures, including our quantum-resistant encryption, to protect personal data. In the event of a data breach, we commit to notifying affected parties and relevant supervisory authorities in accordance with GDPR requirements.

5. International Data Transfers

If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect the data as required by GDPR.

Last updated: July 5, 2025