This Privacy Policy outlines the manner in which Axelliant LLC, a company incorporated and operating under the laws of the United States, having its principal place of business at 21250 Hawthorne Blvd, Suite 500, Torrance, CA 90503, and referred to herein as “Axelliant,” “we,” “us,” or “our,” processes Personal Data collected through its website (www.axelliant.com), marketing channels, client engagements, and services.

This Policy complies with the General Data Protection Regulation (EU 2016/679) (“GDPR”), the California Consumer Privacy Act (CCPA), and other applicable U.S. state and federal data protection frameworks.

1. Identity and Contact Details of the Data Controller

For EU data subjects, Axelliant will appoint a designated Data Protection Representative under Article 27 of the GDPR, if required.

3. Lawful Basis for Processing

We process your Personal Data under the following legal bases as provided by Article 6 of the GDPR:

• Consent (Art. 6(1)(a)) - when you provide explicit permission (e.g., subscribing to a newsletter).
• Contractual Necessity (Art. 6(1)(b)) - when processing is required to fulfill a contract (e.g., providing IT services).
• Legal Obligation (Art. 6(1)(c)) - when required by law (e.g., accounting or tax records).
• Legitimate Interest (Art. 6(1)(f)) - where processing is necessary for our legitimate business purposes (e.g., internal analytics, security, and service optimization), provided such interest is not overridden by your rights and freedoms.

For data processed under CCPA, lawful bases fall under “business purpose,” “commercial purpose,” or “sale” (although Axelliant does not sell your data).

4. Categories of Data We Collect

We may collect and process the following categories of Personal Data:

5. Purpose Of Collection And Processing Activities

6. Automated Decision-Making And Profiling

Axelliant does not engage in profiling or automated decision-making that produces legal or similarly significant effects on individuals, as defined by Article 22 GDPR, unless:

• Explicit consent has been obtained, or
• Processing is necessary for contract performance, or
• Permitted under applicable law with suitable safeguards in place.

7. Data Retention Policy

Personal Data is retained only for as long as necessary to fulfill the purpose for which it was collected, unless a longer retention period is required by law.

• Prospects & leads: 12 months from last interaction.
• Customers: 7 years post-contract, aligned with U.S. tax law.
• Job applicants: 24 months post application.
• Analytics data: 14 months (Google Analytics default).

Upon expiry, data is securely deleted or anonymized.

8. Data Sharing & Third-Party Transfers

We may share Personal Data with:

• Internal teams across sales, delivery, support, and finance
• Trusted Data Processors (e.g., Salesforce, HubSpot, Google Workspace)
• Subcontractors for service delivery under strict NDAs
• Regulatory or legal authorities upon valid request

We do not sell Personal Data.

9. International Transfers

Where Personal Data is transferred outside the EU/EEA, we ensure safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Addendums (DPAs) with all U.S.-based processors
• Supplementary measures (encryption, access control, pseudonymization)

Data is primarily stored and processed in secure U.S.-based servers. Access is role-based and encrypted in transit and at rest.

10. Security Measures

• Role-based access and authentication
• Network segmentation and endpoint protection
• Annual penetration testing
• Employee cybersecurity training and NDAs
• Data minimization and pseudonymization practices
• DLP (Data Loss Prevention) and audit trails

In case of data breach, Axelliant shall notify affected individuals and authorities within 72 hours, per Articles 33 and 34 GDPR.

11. Data Subject Rights

If you are a resident of the EU, UK, or similar jurisdiction, you have the right to:

• Access your Personal Data (Art. 15 GDPR)
• Rectify inaccurate or incomplete data (Art. 16 GDPR)
• Request erasure (“right to be forgotten”) (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Object to processing (Art. 21 GDPR)
• Data portability (Art. 20 GDPR)
• Withdraw consent at any time (Art. 7 GDPR)
• Complain to your Data Protection Authority (Art. 77 GDPR)

For requests, email: info@axelliant.com with proof of identity.

13. Your California Rights (CCPA/CPRA)

If you are a California resident, you are entitled to:

• Know what categories of Personal Data we’ve collected or disclosed
• Request deletion of your Personal Data
• Opt-out of sale (not applicable, as we don’t sell data)
• Non-discrimination for exercising your rights

Submit requests by emailing info@axelliant.com or calling +1 424-535-1100 .

14. Cookies And Tracking Technologies

If you are a California resident, you are entitled to:

• Essential website functions
• Performance and usage analytics (Google Analytics, Tag Manager)
• Marketing automation and email tracking (e.g. HubSpot, Apollo.io)

You may disable cookies via your browser or by using the site’s cookie settings panel.

15. Amendments To This Policy

We reserve the right to modify this Policy at any time. Changes will be posted on our website and updated with a new “Effective Date.” Where legally required, we will seek your consent before applying material changes.