
Data processing & compliance
A plain-language summary of how Ascendra-X handles personal data when running campaigns, and the compliance posture that supports it.
Independent compliance certificates
Current ISO, GDPR, and SOC 2 certificates for Ascendrax Media Private Limited.
Last updated: May 1, 2026
This page is a high-level summary, not a contract. For executed agreements covering processing under the GDPR, UK GDPR, or similar regimes, contact legal@ascendra-x.com.
Overview
Ascendra-X operates B2B demand generation programs that span ICP design, data sourcing and enrichment, multi-channel outreach, and qualified lead delivery. These programs run against business contacts and are designed around suppression, verification, and quality controls rather than mass blasts.
Controller and processor roles
When we run a campaign for a client, the client is generally the controller of the personal data we process for that campaign, and Ascendra-X acts as a processor under their instructions. For our own website and direct communications, Ascendra-X is the controller as described in our privacy policy.
Scope of processing
- Subject matter: B2B demand generation services, including data work, outreach, and lead delivery.
- Duration: the term of the underlying service agreement, plus a limited retention period.
- Nature and purpose: identifying, contacting, qualifying, and delivering business contacts to the client.
- Categories of data: business contact details, firmographic data, and campaign engagement data.
- Categories of data subjects: business decision-makers and other professional contacts within the client’s defined ICP.
Compliance posture
Our standard operating procedures are designed to support client compliance with frameworks such as the EU GDPR, UK GDPR, CAN-SPAM, CASL, and similar regimes. Our current certificates include SOC 2 Type II, ISO 9001:2015, ISO/IEC 27001:2022, and EU GDPR. In practice this means:
- Honoring client suppression and unsubscribe lists.
- Including identification and opt-out mechanisms in marketing email where required.
- Performing list verification and ICP match before contact goes out.
- Routing data subject requests to the appropriate controller.
- Limiting retention to what is needed for the engagement and applicable legal obligations.
Compliance ultimately depends on client instructions, target geographies, and the lawful bases the client relies on. We are happy to align on specifics during scoping.
Security measures
- Role-based access to client data on a least-access basis.
- Encryption in transit for data exchanged with clients and vendors.
- Vendor due diligence for sub-processors that handle personal data.
- Logging and review of campaign operations and data handling.
- Onboarding and periodic training for staff who handle personal data.
Sub-processors
We use a limited set of sub-processors for hosting, CRM, email infrastructure, telephony, enrichment, and analytics. Sub-processors are bound by written agreements with confidentiality and data protection obligations consistent with our commitments to clients. A current list is available on request.
International transfers
Where personal data is transferred across borders, we rely on lawful transfer mechanisms such as Standard Contractual Clauses or equivalent safeguards, in line with applicable law and client instructions.
Data subject requests
When we receive a request directly from a data subject about campaign data we process for a client, we route the request to that client as the controller and assist them in responding within the timeframes their applicable law requires. Requests can be sent to privacy@ascendra-x.com.
Incident response
We maintain an internal incident response process. If we become aware of a personal data breach affecting client data, we will notify the relevant client without undue delay and provide reasonable cooperation to support their notification obligations.
Executing a DPA
Clients that need an executed Data Processing Agreement can contact us at legal@ascendra-x.com. We are happy to use our standard DPA, work from a client template, or negotiate based on the specifics of the engagement. Current certificates are available on our certifications page.
Contact
For privacy questions, contact privacy@ascendra-x.com. For contractual questions, contact legal@ascendra-x.com.


