(LEGAL)
Data Protection Policy
Effective May 5, 2026
This Data Protection Policy describes the principles and practices EPOQGRID Labs follows when processing personal data. It is a boilerplate version pending review by our legal team and may evolve as our jurisdictions and obligations change.
1. Scope
This policy applies to all personal data EPOQGRID Labs processes about prospects, customers, partners, employees, and visitors to our digital properties. It complements — and is to be read alongside — our Privacy Policy.
2. Data controller
EPOQGRID Labs is the controller for personal data collected through our website and services. Our contact details are at the bottom of this page.
3. Lawful bases for processing
We process personal data only when we have a lawful basis to do so: performance of a contract, our legitimate interests (where they are not overridden by your rights), your consent, or compliance with a legal obligation.
4. Data minimisation and purpose limitation
We collect only the personal data we need for clearly defined purposes, and we do not repurpose it for unrelated uses without a fresh lawful basis.
5. Retention
Personal data is retained only as long as needed to fulfil the purpose for which it was collected, to meet legal obligations, or to defend legal claims. Once those needs are met, the data is deleted or fully anonymised.
6. Security
We maintain technical and organisational measures appropriate to the risk, including access controls, encryption in transit, secure software development practices, and routine vendor reviews. Staff with access to personal data are bound by confidentiality obligations.
7. Subprocessors and transfers
We use a small number of vetted subprocessors to operate the service. Where personal data is transferred outside its country of origin, we apply appropriate safeguards — including the European Commission's Standard Contractual Clauses where required.
8. Your rights
Depending on your jurisdiction, you may exercise rights of access, rectification, erasure, restriction, portability, objection, and the right not to be subject to solely automated decisions. You may also withdraw consent at any time without affecting prior processing.
9. Breach response
We maintain an incident response process. If a personal-data breach is likely to result in a risk to individuals, we will notify the relevant supervisory authority and affected individuals without undue delay, in line with applicable law.
10. Contact and complaints
For data protection enquiries, including requests to exercise your rights, contact us using the email below. You also have the right to lodge a complaint with the supervisory authority in your jurisdiction.
Questions about this policy? Email hello@epoqgrid.com.