Privacy Policy

Omnitrex ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website omnitrex.eu and use our GRC platform services.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The data controller responsible for your personal data is:

We may collect the following types of information:

3.1 Information You Provide

• Contact information (name, email address, company name) when you request a demo or contact us
• Account information when you register for our platform
• Communication data when you correspond with us

3.2 Automatically Collected Information

• Device information (browser type, operating system)
• Usage data (pages visited, time spent on site)
• IP address and approximate location
• Cookies and similar technologies (see Section 7)

We process your personal data based on the following legal grounds:

• Contract: Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legitimate interests: Processing necessary for our legitimate interests, such as improving our services and marketing our products
• Consent: Where you have given consent for specific processing activities
• Legal obligation: Processing necessary to comply with legal requirements

We use your information to:

• Provide, operate, and maintain our services
• Respond to your inquiries and demo requests
• Send administrative information and service updates
• Send marketing communications (with your consent)
• Improve our website and services
• Analyze usage patterns and trends
• Protect against fraudulent or illegal activity
• Comply with legal obligations

We do not sell your personal data. We may share your information with:

• Service providers: Third parties that help us operate our business (hosting, analytics, email services)
• Legal requirements: When required by law, court order, or governmental authority
• Business transfers: In connection with a merger, acquisition, or sale of assets

All service providers are contractually bound to protect your data and process it only as instructed by us.

We use cookies and similar technologies to enhance your experience on our website. These include:

• Essential cookies: Necessary for the website to function properly
• Analytics cookies: Help us understand how visitors use our site (with your consent)

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

For platform users, we retain account data for the duration of your active use of the platform and for a reasonable period thereafter for backup and legal purposes.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restriction: Request limitation of processing
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at info@omnitrex.eu. We will respond to your request within 30 days.

Your personal data is stored and processed within the European Union. We do not transfer your data outside the EU/EEA unless:

• The destination country has an adequacy decision from the European Commission
• Appropriate safeguards are in place (such as Standard Contractual Clauses)

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Employee training on data protection

For more details, see our Security page.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically for any changes.

If you have concerns about our data processing practices, please contact us first so we can try to resolve your concern.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

If you have any questions about this Privacy Policy or our data practices, please contact us: