GDPR & your rights.
Your rights under GDPR/UK-GDPR and DPDP, how we process data, and how to reach our DPO.
GDPR & Your Rights
For individuals in the EU/EEA and UK, we act as a data controller for enquiry and marketing data, and as a data processor for client project data under a Data Processing Agreement (DPA). For India, we comply with the Digital Personal Data Protection Act (DPDP).
Your rights
- Access, rectify, or erase your personal data.
- Restrict or object to processing.
- Data portability — receive your data in a portable format.
- Withdraw consent at any time (without affecting prior processing).
- Lodge a complaint with your supervisory authority (e.g. the ICO in the UK).
International transfers
Where data leaves the EU/UK, we rely on appropriate safeguards such as Standard Contractual Clauses and the UK International Data Transfer Addendum, with supplementary measures where needed.
Data Processing (for clients)
When we process personal data on your behalf, our DPA governs the relationship. We process only on documented instructions, ensure confidentiality, assist with data-subject requests and breach notification, support audits, and delete or return data at the end of the engagement.
Data residency
We support data residency in the EU, US and India. Client deployments run inside your own cloud (VPC/tenant) with your encryption keys (BYO-KMS) where required. We can run fully air-gapped on-prem for the most sensitive workloads.
Sub-processors
We maintain a current list of sub-processors and give notice of material changes so you can object. The list is available under NDA.
Data Protection Officer
To exercise any right, request our sub-processor list or DPA, or ask a privacy question, contact our DPO at trust@neurapses.com. We respond within 30 days. Postal: Neurapses Technologies, The Long Lodge, 265–269 Kingston Road, Wimbledon SW19 3NW, England.