Data Protection And GDPR

Compliance Statement

Last Updated: May 8, 2025

Introduction

Simple Scalable Solutions (SSS) and our platform Scalify by Simple Scalable Solutions (“we,” “our,” “us”) value your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our services, including the Scalify platform and any related tools or services. By accessing or using our services, you consent to the practices described in this policy.

This document outlines how the General Data Protection Regulation (GDPR) applies to your use of Scalify, and the measures we’ve taken to comply. This does not constitute legal advice; you should consult a data protection professional for guidance tailored to your situation.

General Data Protection Regulation (GDPR)

The GDPR (Regulation EU 2016/679) and the UK GDPR (post-Brexit) govern the protection of personal data within the EU and the UK. These regulations give individuals more control over their data and hold businesses accountable for how data is collected, used, and stored.

Your Role as Controller

When you use Scalify, you act as the Data Controller. You determine the purposes and means of processing personal data. As the controller, you are responsible for:

  • Identifying a legal basis for processing personal data (e.g., consent, contract, legal obligation)

  • Informing and obtaining valid consent from data subjects

  • Ensuring data is only retained as long as necessary for its intended purpose

  • Responding to subject access requests (SARs), data correction, or deletion requestsMaintaining a record of processing activities where required

Our Role as Processor

SSS acts as your Data Processor. We process personal data solely based on your documented instructions and do not use your data for our own purposes. Our responsibilities include:

  • Implementing appropriate technical and organisational safeguards

  • Notifying you of any personal data breaches without undue delay

  • Assisting you with fulfilling data subject rights

  • Ensuring lawful international data transfers (e.g., via Standard Contractual Clauses)

  • Maintaining confidentiality agreements with all staff and sub-processors

International Data Transfers

Personal data may be transferred outside the EEA, UK, or Thailand where necessary. SSS ensures:

  • Transfers are protected by Standard Contractual Clauses (SCCs) or the UK Addendum

  • Data is hosted with providers offering GDPR-compliant infrastructure

Sub-Processors

SSS uses trusted sub-processors to provide elements of our services. These third parties are bound by contractual obligations ensuring the same level of data protection. A full list of sub-processors is maintained at: https://www.scalifytech.com/data-protection

Data Security

We have implemented rigorous security measures, including:

  • Encryption of data at rest and in transit

  • Access controls and user authentication

  • Logging and audit trailsRegular vulnerability testing

  • Data recovery and incident response plans

Data Subject Rights

We assist you in supporting your customers' rights under GDPR, including:

  • Right of access

  • Right to rectification

  • Right to erasure ("right to be forgotten")

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

If a data subject contacts us directly, we will notify you promptly and await your instructions.

Supporting Documents

For more information about how we handle personal data, please refer to:

  • Privacy Policy

  • Cookie Policy

  • Data Processing Agreement (DPA)

  • Client Legal Checklist

Contact

If you have any questions or concerns regarding this statement, contact us: 📧 hello@simplscalablesolutions.com