GDPR Privacy Statement

Effective Date: February 1, 2025

Automus Consulting Inc. (“Automus”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of individuals in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This Privacy Statement explains how we handle personal data when acting in the role of both:

  • a Data Controller (when we determine the purposes and means of processing), and

  • a Data Processor (when we process data solely on behalf of our clients, the data controllers).

1. Our Role Under GDPR

 Automus may act in one of the following capacities:

 a. As a Data Controller:

 We are a data controller when we collect and process personal data for our own business purposes, such as:

  • Managing client relationships

  • Marketing and communication

  • Recruitment and human resources

  • Internal analytics and operations

b. As a Data Processor:

We act as a data processor when we process personal data solely on behalf of and under the instructions of a client, in the context of providing consulting, implementation, or support services. In such cases, we:

  • Enter into a Data Processing Agreement (DPA) with the client (the controller)

  • Only process personal data in accordance with documented instructions

  • Implement appropriate technical and organizational security measures

  • Do not retain, use, or disclose the personal data for any other purpose

Legal Bases for Processing (Controller Role)

When acting as a data controller, we rely on the following lawful bases under Article 6 of the GDPR:

  • Consent (e.g., for marketing emails)

  • Contractual necessity (e.g., to perform a contract with you)

  • Legal obligation (e.g., compliance with tax or employment laws)

  • Legitimate interests (e.g., to improve our services or secure our systems)

3.  Data Subjects’ Rights

If you are located in the EU/EEA, you may have the following rights under GDPR:

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Right to lodge a complaint with a supervisory authority

When we act as a processor, we will assist our client (the controller) in responding to your request, as required under Article 28 of the GDPR.

To exercise your rights, please contact us using the contact information below.

4. Data Security

We implement reasonable and appropriate technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These include access controls, encryption, data minimization practices, and staff training.

5. Data Transfers

Where we transfer personal data outside of the European Economic Area (EEA), including to the United States, we ensure that adequate safeguards are in place in accordance with GDPR Chapter V—such as Standard Contractual Clauses (SCCs) or other legally approved mechanisms.

6. Retention  

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or to comply with legal or contractual obligations.

7. Processor Subcontractors

In processor scenarios, we may engage vetted sub-processors to support delivery of services. Each sub-processor is bound by data protection obligations substantially similar to those in our DPA. A list of current sub-processors is available upon request.

8.  Contact Us

For any questions or concerns related to this privacy statement, or to exercise your GDPR rights, you may contact:

Automus Consulting Inc. Data Privacy Officer
1901 Avenue of the Stars, 2nd Floor
Century City, CA 90067
Telephone: +1 (424) 431-1050 Select Option 4
E-mail: privacy@automus.com