Compliance
GDPR at Klovex
Last updated: 22 May 2026
Klovex is built in the European Union (registered in Poland) and is designed from the ground up to comply with the EU General Data Protection Regulation 2016/679 ("GDPR") and the UK GDPR. This page summarizes how we approach compliance and how you can exercise your rights.
1. Roles
For Personal Data that customers send through the Service, the customer is the Controller and Klovex is the Processor. Klovex acts only on the documented instructions of the Controller, as set out in our Data Processing Addendum.
For Personal Data we collect directly (e.g., the email you sign up with, support tickets you send), Klovex is the Controller. The legal basis for that Processing is described in the Privacy Policy.
2. Your rights under the GDPR
Where the GDPR applies, you have the following rights, free of charge, with respect to the Personal Data we hold about you:
- Access — request a copy of the Personal Data we hold about you.
- Rectification — request that we correct inaccurate or incomplete Personal Data.
- Erasure — request that we delete your Personal Data ("right to be forgotten"). See Data deletion for the self-service path.
- Restriction — ask us to limit our Processing of your Personal Data.
- Portability — receive your Personal Data in a structured, commonly-used machine-readable format.
- Objection — object to Processing based on our legitimate interests.
- Withdraw consent — where Processing is based on consent, withdraw it at any time without affecting the lawfulness of prior Processing.
- Lodge a complaint — with your local supervisory authority (in Poland, that is UODO — Urząd Ochrony Danych Osobowych).
3. How to exercise your rights
Email privacy@klovex.xyz from the address registered with Klovex and tell us which right you wish to exercise. We respond within one month of receipt; if your request is complex we may extend by a further two months and will let you know within the first month.
4. International transfers
Klovex hosts production data in the EU. Where a sub-processor (listed in our DPA) may Process data outside the EEA, we rely on appropriate safeguards — typically the European Commission's Standard Contractual Clauses (2021/914) plus, where required, supplementary technical measures (encryption in transit and at rest, access controls, key separation).
5. Data Protection Officer
Klovex has not formally appointed a Data Protection Officer because our Processing does not meet the conditions in GDPR Article 37(1). Privacy questions are handled by our Privacy lead, reachable at privacy@klovex.xyz.
6. Records of Processing
We maintain a record of Processing activities (GDPR Article 30) and review it at least annually. A summary is available to customers under NDA on request.
7. Children
Klovex is a business-to-business product and is not directed to children under 16. We do not knowingly collect Personal Data from children. If you believe we have, contact us and we will delete it.
8. Contact
Klovex — Registered in Poland
Email: privacy@klovex.xyz