1. Our commitment
Athenous is committed to handling personal data in a way that supports GDPR requirements. We apply privacy and security controls across product design, infrastructure, and operations.
2. Who GDPR applies to
GDPR applies to organizations that process personal data of individuals in the European Union, regardless of where the organization is located.
3. Roles in the GDPR model
- Customer (you): usually the data controller for marketing data you decide to process in Athenous.
- Athenous: generally acts as a data processor for customer data handled on your instructions.
For specific processing activities (for example account administration, billing, abuse prevention, and security), Athenous may act as an independent controller where applicable law permits.
4. Measures we take
- Access controls, least-privilege permissions, and authentication safeguards.
- Encryption in transit and secure storage practices for sensitive data and credentials.
- Logging and monitoring for security, reliability, and incident response.
- Vendor and subprocessor controls under contractual obligations.
- Internal privacy/security awareness and periodic policy reviews.
5. Data subject rights support
We provide features and support processes that help customers respond to GDPR rights requests, including access, correction, deletion, portability, and objection/restriction requests where applicable.
6. International transfers
Where personal data is processed outside the EEA/UK, Athenous applies appropriate transfer safeguards such as standard contractual clauses and supplemental technical and organizational measures when required.
7. DPA (Data Processing Addendum)
If your organization requires a DPA, contact us at privacy@athenous.io with your company details and plan information. We will provide the appropriate DPA process for signature.
8. Questions
For GDPR and privacy inquiries, contact privacy@athenous.io.