Effective Date: June 17, 2025
This Privacy Policy explains how Trendlytic processes personal data on behalf of its customers (the Data Controllers) when providing the Services. At Trendlytic, we process personal data strictly as a Data Processor in accordance with Article 28 GDPR.
Data processed may include, depending on the customer's configuration:
We process this data strictly to provide the contracted Service.
We process personal data only on documented instructions of the Data Controller, for the following purposes:
We do not determine the purposes or means of processing; this is the Controller's responsibility.
As Processor, we rely on the Controller to determine and ensure the appropriate legal basis for data collection under Article 6 GDPR.
We may engage subprocessors necessary to carry out our Service (e.g., cloud hosting providers). In the case of a change of subprocessors, we will do our commercially reasonable efforts to inform the Controller in advance. A list of subprocessors is available upon request. We do not share or sell personal data for independent purposes.
If subprocessors are located outside the EEA, such transfers will be safeguarded by EU Standard Contractual Clauses or other lawful mechanisms under GDPR.
We implement appropriate technical and organizational security measures, including access control and regular security audits, to ensure the protection of processed data.
As Processor, we will assist the Controller in fulfilling its obligations regarding data subject rights (access, rectification, erasure, etc.) under GDPR, upon documented instruction.
We retain personal data only for the duration of the Service, as instructed by the Controller, unless legally required otherwise. Upon termination, data will be deleted within 30 days.
We may use cookies on our website or platform for necessary functionality. Separate consent may be required for such use, as applicable.