GDPR Notice
This notice summarizes the controls Kronos Digital Strategies ("Kronos") applies when processing personal data relating to individuals in the European Economic Area and United Kingdom under the General Data Protection Regulation (GDPR) and UK GDPR.
Roles & responsibilities
For services delivered on behalf of clients, Kronos acts as a processor handling business contact data according to written instructions. Kronos appoints subprocessors only after vetting security and privacy controls and executes data processing agreements with each partner.
Lawful bases & minimisation
Campaigns operate on legitimate interest assessments that balance outreach objectives with privacy expectations of B2B professionals. Data collection is limited to fields required for segmentation, deliverability, and reporting, and retention periods align with client engagement terms and suppression obligations.
Data subject rights
Kronos supports access, rectification, erasure, restriction, objection, and portability requests received directly or through clients. Requests are acknowledged within 5 business days and typically resolved within 30 days. Suppression lists are used to respect objection and opt-out outcomes.
International transfers & security
When transferring personal data outside of the EEA or UK, Kronos relies on adequacy decisions or Standard Contractual Clauses with supplementary controls such as encryption in transit, access governance, and regional data residency where required. Security reviews and penetration tests validate safeguards annually.
Contact & DPO
Kronos maintains a privacy lead reachable at privacy@kronosdigital.agency. EU/UK residents may also write to Kronos Digital Strategies, Caferaga Mah. Sifa Sk. No:19, Kadikoy Istanbul Turkey 34710.
Last updated: