DataGators is fully compliant with the EU General Data Protection Regulation (EU 2016/679) and the UK GDPR. This page explains our roles as a data controller and data processor, the legal basis for our processing activities, and the rights available to all data subjects.
GDPR distinguishes between Data Controllers (who determine why and how data is processed) and Data Processors (who process data on behalf of a controller). DataGators acts in both roles depending on the context.
We act as Data Controller for personal data collected directly through our website — including enquiry forms, newsletter subscriptions, and quote requests. As Controller, we determine the purposes and means of processing and are responsible for ensuring that processing is lawful, fair, and transparent.
When enterprise customers engage us to process data on their behalf — for example, extracting contact data that includes personal information — we act as Data Processor. In this role, we process data only on documented instructions from the customer (the Controller) and do not use it for our own purposes.
Under GDPR Article 6, we must have a lawful basis for every processing activity. Below is our record of processing activities and the basis applied to each.
| Processing Activity | Data Categories | Lawful Basis | Retention Period |
|---|---|---|---|
| Quote & enquiry handling | Name, email, company, project details | Contract (Art. 6.1.b) | 3 years |
| Service delivery | Contact details, billing info | Contract (Art. 6.1.b) | Duration + 3 years |
| Invoice & accounting | Name, company, billing address | Legal obligation (Art. 6.1.c) | 7 years |
| Newsletter (subscribed) | Email address | Consent (Art. 6.1.a) | Until unsubscribe |
| Website analytics | IP (anonymised), page views | Consent (Art. 6.1.a) | 24 months (GA4) |
| Security & fraud prevention | IP address, session data | Legitimate interest (Art. 6.1.f) | 30 days |
| Job applications | CV, name, contact details | Consent (Art. 6.1.a) | 6 months |
GDPR grants data subjects eight specific rights. We honour all of them. To exercise any right, contact our DPO at dpo@datagators.com. We respond within 30 days.
Obtain a copy of all personal data we hold about you and information about how it is processed.
Have inaccurate personal data corrected without undue delay.
Have personal data deleted where there is no longer a legitimate reason to keep it.
Pause processing of your data while accuracy is disputed or a complaint is pending.
Receive your data in a structured, machine-readable format to transfer to another organisation.
Object to processing based on legitimate interests. We must stop unless compelling grounds exist.
Not be subject to solely automated decisions that produce significant effects without human review.
Withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Enterprise customers who require DataGators to process personal data on their behalf may request a formal Data Processing Agreement (DPA) in accordance with GDPR Article 28. Our DPA sets out the subject matter, duration, nature, and purpose of processing, the type of personal data involved, and the rights and obligations of both parties.
Our DPA includes Standard Contractual Clauses (SCCs) for any transfers of personal data outside the EEA or UK, ensuring that equivalent protection travels with the data regardless of where it is processed.
To request a DPA, email dpo@datagators.com with the subject line "DPA Request". We will issue a draft within 5 business days. Enterprise customers on annual contracts receive a pre-signed DPA as standard.
Our current sub-processors include Google (Analytics, Tag Manager, Cloud), our payment processor, and our helpdesk provider. A full, current sub-processor list is available on request. We notify customers of material changes to sub-processors with 30 days notice.
We conduct DPIAs for all new processing activities that are likely to result in a high risk to the rights and freedoms of natural persons, in accordance with GDPR Article 35.
Our Data Protection Officer can be contacted at dpo@datagators.com. Formal requests (subject access, erasure, objection) submitted to this address are logged and responded to within the 30-day statutory timeframe.
For data subject requests, DPA enquiries, or any GDPR-related questions, contact our DPO directly. We acknowledge all requests within 5 business days.
Join 1,200+ companies using DataGators to outmaneuver the competition. Get a free, no-obligation data consultation — delivered within 24 hours.