Summary
Agora Compliance provides GDPR, UK GDPR, and Swiss DPA representative services. To perform this role, we may receive and process personal data that is provided either by our clients (companies that appoint us) or by individuals who submit data subject requests to those clients.
We only use such personal data to fulfil our obligations as a representative, and we do not share it with any third parties except the relevant client or competent supervisory authorities.
Personal Data We Process
Client Contact Data
- Name, business email, phone number, and role of the designated contact person(s) at client organisations.
- Used to manage the client relationship and fulfil contractual obligations.
Individual Data
- Information provided by individuals when submitting a data subject request (e.g. access, erasure, rectification).
- May include name, contact details, and any additional information the individual provides to support their request.
- Used solely to forward and coordinate the request with the relevant client.
Employee/Freelancer Data
- Limited to what is necessary for HR, payroll, and contractual purposes.
- Processed as data controller of our own staff/freelancers.
Purposes and Legal Basis
For Clients (Client Contact Data):
- To perform our duties as their appointed EU/UK/Swiss representative.
- Legal basis: contract performance and legitimate interests.
For Individuals (Individual Data):
- To forward and manage their data subject requests with the relevant client.
- Legal basis: compliance with legal obligations under GDPR/UK GDPR/Swiss DPA.
For Employees/Freelancers:
- To administer the working relationship.
- Legal basis: contract performance and legal obligations.
How We Process and Store Data
- Data is stored securely in Google Workspace (Google Cloud) with appropriate encryption and access controls.
- Access is strictly limited to staff/freelancers involved in delivering our representative services.
- Data may be transmitted securely between Agora Compliance entities in Ireland, the UK, and Switzerland to fulfil representative obligations.
Data Transfers
- Some processing by Google may involve transfers outside the EEA/UK/Switzerland.
- These transfers are protected by Standard Contractual Clauses (SCCs) and Googleβs compliance with GDPR/UK GDPR/Swiss adequacy frameworks.
Retention Period
- Client Contact Data: kept for the duration of the client relationship and up to 7 years afterwards for legal record-keeping.
- Individual Data: retained for up to 10 years in secure archives to evidence compliance with data protection obligations.
- Employee/Freelancer Data: retained in line with statutory record-keeping requirements.
Data Subject Rights
You have the following rights under GDPR, UK GDPR, and Swiss DPA (as applicable):
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights relating to automated decision-making and profiling
You may exercise these rights by contacting us (see below).
Complaints
If you are dissatisfied with how we process your data, you may lodge a complaint with your local data protection authority.
- EU: List of national DPAs
- UK: Information Commissionerβs Office (ICO) β www.ico.org.uk
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) β www.edoeb.admin.ch
- Ireland (lead authority for Agora Compliance): www.dataprotection.ie
Contact Us
If you wish to exercise your rights or ask about our data processing, please contact us:
π§ privacy@agoracompliance.com
π EU/EEA (Main establishment)
Agora Compliance Limited
77 Camden Street Lower
Dublin D02 XE80
Ireland
π UK
Agora Compliance Limited
107β111 Fleet Street
London, EC4A 2AB
United Kingdom
π Switzerland
Agora Compliance Limited
Eugen-Huber-Strasse
Zurich 8048
Switzerland