GDPR Compliance

Last updated: 30/04/2026

Certin is committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable EU and UK data protection laws where they apply to our processing activities.

We process both personal data and operational data in supply chain and logistics contexts. This page summarises how we approach GDPR-aligned obligations in connection with the Certin platform and related services (the "Services").

1. Roles and responsibilities

Depending on the context, Certin acts as:

  • a data processor, when processing Customer Data on behalf of its customers
  • a data controller, when handling data related to website usage, demo requests, and direct commercial interactions

When acting as a processor, Certin processes data solely on the documented instructions of its customers.

2. Lawful basis for processing

Certin processes personal data under the following legal bases:

  • performance of a contract
  • legitimate interests (including system security and service reliability)
  • consent, where applicable
  • compliance with legal obligations

3. Nature of data processed

Certin may process:

  • personal data (such as names, contact details, and professional information)
  • operational data (such as logistics, shipment, workflow, and system-generated data)

Operational data may include personal data depending on how the platform is used.

4. Data usage principles

Data is processed strictly for the purpose of providing and operating the Services, supporting customers, securing the platform, and meeting legal obligations.

Certin does not:

  • sell, rent, or trade personal data or Customer Data
  • use Customer Data to train models
  • use data for advertising, profiling, or unrelated commercial purposes

5. Data subject rights

Under GDPR, individuals have the right to:

  • access their personal data
  • rectify inaccurate data
  • request erasure
  • restrict processing
  • object to processing
  • request data portability
  • withdraw consent at any time

Requests can be made at: privacy@getcertin.ai

6. Data security

Certin implements appropriate technical and organisational measures to protect data, including:

  • encryption in transit and at rest
  • access control and authentication
  • monitoring and auditing
  • secure infrastructure environments

7. Data breach notification

In the event of a personal data breach, Certin will notify the relevant supervisory authority and affected parties in accordance with GDPR requirements.

8. International data transfers

Where data is transferred outside the European Economic Area (EEA), Certin ensures appropriate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms.

9. Subprocessors

Certin may engage subprocessors to support the delivery of the Services.

All subprocessors are required to meet strict data protection and security standards and are bound by contractual obligations consistent with GDPR.

10. Contact

For GDPR-related inquiries:

privacy@getcertin.ai