Legal

GDPR compliance

How Ascendra-X meets its obligations under the EU General Data Protection Regulation.

Verified certificates

Independent compliance certificates

Current ISO, GDPR, and SOC 2 certificates for Ascendrax Media Private Limited.

View all certificates

Last updated: May 1, 2026

Overview

Ascendra-X (“Ascendrax Media Private Limited”) is committed to protecting the privacy and security of personal data processed in connection with our B2B demand generation services. We comply with the EU General Data Protection Regulation (Regulation 2016/679) and the UK GDPR as applicable.

Certification

Ascendrax Media Private Limited holds EU-GDPR certification (certificate reference EU-GDPR-6178), issued on May 26, 2026. This certification confirms that our data handling practices, information security controls, and organizational measures have been independently assessed for alignment with GDPR requirements.

Controller vs processor roles

When processing personal data for our own purposes (e.g., website visitors, prospective clients), Ascendra-X acts as a data controller. When we execute demand generation campaigns on behalf of clients, we act as a data processor under the client’s documented instructions. Our Data Processing Addendum governs these processor engagements.

Lawful bases for processing

We rely on the following lawful bases depending on the activity:

  • Legitimate interests (Article 6(1)(f)) for B2B marketing communications to business contacts whose professional role is relevant to our services.
  • Consent (Article 6(1)(a)) where required for specific processing activities such as newsletter sign-ups or non-essential cookies.
  • Contractual necessity (Article 6(1)(b)) for processing required to deliver our services under a client agreement.
  • Legal obligation (Article 6(1)(c)) where required by law.

Data subject rights

Under the GDPR, individuals have the right to:

  • Access the personal data we hold about them.
  • Rectify inaccurate or incomplete data.
  • Request erasure (“right to be forgotten”) where applicable.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests.
  • Receive their data in a portable format (data portability).
  • Withdraw consent at any time where consent is the legal basis.
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, contact dpo@ascendra-x.com. We will respond within 30 days.

Data protection measures

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest.
  • Role-based access controls with least-privilege principles.
  • Regular security assessments and vendor due diligence.
  • Data minimization — we only process what is necessary for the stated purpose.
  • Staff training on data protection responsibilities.

International transfers

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or adequacy decisions, as applicable. Details are available in our Data Processing Addendum.

Breach notification

In the event of a personal data breach that poses a risk to the rights and freedoms of data subjects, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.

Data protection contact

For GDPR-related inquiries, data subject requests, or to report a concern, contact us at dpo@ascendra-x.com.