Our GDPR compliance strategy involves the following steps:

Data Security: We have implemented physical, electronic, organizational, administrative, and technical policies and controls to preserve data and help prevent unauthorized access, maintain data security, and use the data we gather correctly. Our data security measures make use of our industry-leading products and services.

Data Sensitivity: We keep records of our data processing activities, which are the foundation for our data protection compliance.

Data Retention and Deletion: We keep your information for as long as needed to accomplish the reasons it was obtained unless a more extended retention period is required or permitted.

Data Subject Rights: We have put in place measures to provide practical and suitable support for our customers’ answers to people’s requests to exercise their GDPR rights.

Obligations of the Controller and Processor: Auxin works as a “processor” of our customer’s data for some Auxin services. In other cases, Auxin serves as a “controller.” When Auxin acts as a “processor,” Auxin can provide a data processing agreement upon request.

Vendor Management: We recognize the need to carefully analyze vendors who assist us in serving our partners and consumers. We evaluate suppliers before hiring them, and we require that select vendors agree to certain GDPR-related contractual obligations before they can process the information of our partners and consumers.

Channel Partner Data: We only collect data from our channel partners for legitimate business needs.

Transfers of Data: We adhere to regulatory obligations for cross-border data protection, including implementing European Commission-approved Standard Contractual Clauses. We provide our customers with several precautions for data transfers to us.

• If you have any questions regarding our GDPR efforts, please reach out to us at privacy@auxin.io