GDPR Compliance

MigrateX Inc. (“MigrateX,” “we,” “our,” or “us”) processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”). This page explains how we meet our obligations under these regulations in connection with our data migration services.

1. Our Role Under the GDPR

MigrateX acts in two distinct capacities depending on the context:

• Data Controller: when we collect and process personal data directly (for example, when you visit our website, fill out a contact form, book a consultation, or subscribe to our newsletter). In this capacity, our Privacy Policy governs how we handle your data.
• Data Processor: when we process personal data on behalf of our customers during a migration project. In this capacity, our Data Processing Addendum (DPA) governs the processing, and our customers remain the data controllers.

2. Legal Bases for Processing

When acting as a data controller, we process personal data under the following legal bases:

• Performance of a contract: to fulfill our obligations under an agreement with you, or to take pre-contractual steps at your request (e.g., providing a migration assessment).
• Legitimate interests: to operate, improve, and promote our business, including website analytics and security monitoring, provided these interests do not override your fundamental rights.
• Consent: for specific activities such as sending marketing communications or placing non-essential cookies. You may withdraw consent at any time.
• Legal obligation: to comply with applicable laws and regulatory requirements.

3. Your Rights as a Data Subject

Under the GDPR and UK GDPR, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure:request deletion of your personal data in certain circumstances (“right to be forgotten”).
• Right to restrict processing: request that we limit how we use your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format and have it transferred to another controller.
• Right to object: object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: file a complaint with your local data protection supervisory authority.

How to Exercise Your Rights

To exercise any of these rights, email us at privacy@migratex.comwith the subject line “Data Subject Request.” Please include your full name, the email address associated with your account (if applicable), your country of residence, and a description of the right you wish to exercise. We will respond within 30 days.

If your personal data was processed as part of a migration project performed on behalf of one of our customers, please direct your request to that customer (the data controller). MigrateX will assist the customer in fulfilling your request as required by our DPA.

4. Personal Data We Collect

As a Website Visitor

When you visit migratex.com, we may collect your name, email address, company name, and job title (when you fill out a form), as well as device information and browsing data through cookies. Full details are in our Privacy Policy and Cookie Policy.

As a Migration Customer

During a migration project, MigrateX processes Customer Data on behalf of our customer. This may include contact information, support ticket content, user identifiers, attachments, and custom field data from the source platform. The categories of data subjects and data types are detailed in Annex I of our DPA.

5. How We Protect Your Data

MigrateX maintains technical and organizational measures to protect personal data:

• Encryption: all data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access controls: role-based access with multi-factor authentication for all administrative access.
• Network security: firewalls, intrusion detection/prevention, and network segmentation.
• Monitoring: centralized logging and anomaly detection for all access events.
• Incident response: documented incident response plan with 72-hour breach notification to customers.
• Personnel security: background checks, NDA requirements, and security awareness training for all team members.

For a full description of our security measures, see Annex II of our DPA or visit our Security page.

6. International Data Transfers

MigrateX is based in the United States. When personal data is transferred from the EEA, UK, or Switzerland to the US, we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the legal transfer mechanism. For UK transfers, we incorporate the UK International Data Transfer Addendum (IDTA).

Transfer mechanism details are set out in Section 8 of our DPA.

7. Data Retention and Deletion

We retain personal data only as long as necessary:

• Website visitor data:retained in accordance with our analytics providers’ standard retention periods. You can manage cookie preferences at any time via the Cookie Settings link in our footer.
• Contact and inquiry data: retained for the duration of our business relationship and a reasonable period thereafter.
• Migration project data: deleted within 30 days of project completion or termination, unless the customer requests otherwise or retention is required by law.

8. Sub-processors

MigrateX engages a limited number of sub-processors to deliver the Services. All sub-processors are bound by data processing agreements with protections equivalent to our DPA. The current list of sub-processors is published in Annex III of the DPA.

9. Cookies and Consent

Our website uses cookies for essential functionality, analytics, and marketing. Non-essential cookies are only placed after you provide consent through our cookie banner. You can review or change your preferences at any time by clicking “Cookie Settings” in the footer. For full details, see our Cookie Policy.

10. Related Documents

For complete details on how we handle personal data, please review the following:

• Privacy Policy: describes how we collect, use, and protect personal data as a data controller.
• Data Processing Addendum (DPA): governs how we process personal data on behalf of customers.
• Cookie Policy: details how we use cookies and tracking technologies.
• Security: sets out our security posture, certifications, and infrastructure.
• Service Agreement: the terms governing use of the MigrateX platform.

11. Contact Us

If you have questions about our GDPR compliance or wish to exercise your data protection rights, contact us at:

MigrateX Inc.
8 The Green, STE R, Dover, DE 19901, USA
Email: privacy@migratex.com

You also have the right to lodge a complaint with your local data protection supervisory authority.