
GDPR compliance
How Ascendra-X meets its obligations under the EU General Data Protection Regulation.
Independent compliance certificates
Current ISO, GDPR, and SOC 2 certificates for Ascendrax Media Private Limited.
Last updated: May 1, 2026
Overview
Ascendra-X (“Ascendrax Media Private Limited”) is committed to protecting the privacy and security of personal data processed in connection with our B2B demand generation services. We comply with the EU General Data Protection Regulation (Regulation 2016/679) and the UK GDPR as applicable.
Certification
Ascendrax Media Private Limited holds EU-GDPR certification (certificate reference EU-GDPR-6178), issued on May 26, 2026. This certification confirms that our data handling practices, information security controls, and organizational measures have been independently assessed for alignment with GDPR requirements.
Controller vs processor roles
When processing personal data for our own purposes (e.g., website visitors, prospective clients), Ascendra-X acts as a data controller. When we execute demand generation campaigns on behalf of clients, we act as a data processor under the client’s documented instructions. Our Data Processing Addendum governs these processor engagements.
Lawful bases for processing
We rely on the following lawful bases depending on the activity:
- Legitimate interests (Article 6(1)(f)) for B2B marketing communications to business contacts whose professional role is relevant to our services.
- Consent (Article 6(1)(a)) where required for specific processing activities such as newsletter sign-ups or non-essential cookies.
- Contractual necessity (Article 6(1)(b)) for processing required to deliver our services under a client agreement.
- Legal obligation (Article 6(1)(c)) where required by law.
Data subject rights
Under the GDPR, individuals have the right to:
- Access the personal data we hold about them.
- Rectify inaccurate or incomplete data.
- Request erasure (“right to be forgotten”) where applicable.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests.
- Receive their data in a portable format (data portability).
- Withdraw consent at any time where consent is the legal basis.
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, contact dpo@ascendra-x.com. We will respond within 30 days.
Data protection measures
We implement appropriate technical and organizational measures including:
- Encryption of data in transit and at rest.
- Role-based access controls with least-privilege principles.
- Regular security assessments and vendor due diligence.
- Data minimization — we only process what is necessary for the stated purpose.
- Staff training on data protection responsibilities.
International transfers
Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or adequacy decisions, as applicable. Details are available in our Data Processing Addendum.
Breach notification
In the event of a personal data breach that poses a risk to the rights and freedoms of data subjects, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.
Data protection contact
For GDPR-related inquiries, data subject requests, or to report a concern, contact us at dpo@ascendra-x.com.


