Privacy policy

Last Edited on 20 November 2023

This Privacy Notice applies to the processing of data related to the use of (hereinafter "the Website").

GXP Engaged Auditing Services (“GXP Engaged”, “we” or “us”) as the Controller has committed to comply with: 

  • The General Data Protection Regulation N°EU 2016/679 (hereinafter, the "GDPR"); 
  • The General Data Protection Regulation as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (hereinafter the "UK GDPR") and the UK Data Protection Act 2018 (amended 2020) (hereinafter the "Data Protection Act"); 
  • And all EU applicable laws and regulations regarding data protection.

Collectively referred to as "Data Protection Laws". 

With this Privacy Notice, GXP Engaged wants to ensure you understand what personal information is collected about you, how your personal information is used and how it is kept safe. 

General warning and use of social media

Access to the Website implies the User’s full and unreserved acceptance of this Privacy Notice, as well as its general terms of use and the Cookies Notice. The User acknowledges having read the information below.

This Notice is valid for all pages hosted on the Website. It is not valid for the pages hosted by third parties to which GXP Engaged may refer and whose privacy notices may differ. GXP Engaged cannot therefore be held responsible for any data processed on these websites or by them. This Notice also applies to any other website that GXP Engaged may operate, including our Company pages on LinkedIn.

Please note that for the use of social media, GXP Engaged is a Joint-Controller with LinkedIn only for accessing and processing statistical aggregate data provided by LinkedIn. For any other processing on the platform, LinkedIn is the sole Data Controller.

LinkedIn have created an "addendum" to their user agreements for company pages where they are Joint-Controllers.

1. Why, how and for how long do we collect your personal data?

Depending on the purpose for which we process your personal data, we may need to process different types of personal data. We will keep your data for no longer than necessary to fulfill the purposes for which we collected it, including any legal requirements. 
Depending on each case, the processing will therefore be as follows:

Purposes Types of personal data Legal basis Retention period
To answer your queries either by email or through the contact form

Full name, Company, email address

Please note that other Personal Data may be processed by GXP Engaged depending on your request and the information you provide us.

This processing is based on our legitimate interest to answer the requests or queries raised by you through the existing contact channels. 

We understand that the processing of these data is also beneficial to you to the extent that it enables us to assist you adequately and answer your queries.

We will process your data for the time necessary to meet your request.
For job applications

Name, contact details, CV.

This processing is based on our legitimate interest to administer and appraise job applications. 

We understand that the processing of these data is also beneficial to you to the extent that it enables you to get a job by providing a spontaneous application or responding to an offer.

We will process your data for the time necessary to manage your application.
For statistical purposes Aggregate statistical data (e.g., Company page on LinkedIn). We consider that we have a legitimate interest to understand the way our page is consulted (e.g., how many times our page is consulted, from which country, etc.). Statistical information is stored by LinkedIn and consequently subject to their retention policy. We may export statistical reports, but we guarantee that this is only in an anonymous form.
Use of cookies for the functioning and managing of our website Cookies may, in certain circumstances, store personal data which may include: IP addresses, browser type, location, operating system, etc. Please, see our Cookies Notice for more information.

Please, see our Cookies Notice

Cookie settings


2. Data sharing

We do not sell or trade your personal data to outside parties. 

Sharing your personal data as explained above may involve transferring personal data to a country outside the European Economic Area (EEA) and/or the UK. GXP Engaged is committed to complying with the transfer rules under applicable Data Protection Laws and commits to: 

  • Transfer your data to countries that have been recognized as adequate by the European Commission and/or by the UK secretary of state; or
  • Where a country has not received an adequacy decision from the European Commission, or the UK secretary of state, to implement appropriate safeguards, such as the EU Standard Contractual Clauses ("SCCs") (and the UK addendum), and/or the International Data Transfer Agreement ("IDTA").

You can contact our Data Protection Officer (DPO), see contact details below, if you would like more information on the mechanism supporting the data transfer.

3. How do we protect your information?

GXP Engaged treats your personal data in a confidential manner and provides a sufficient and adequate level of protection for your personal data.

Your personal data are contained behind secured networks and are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.

4. Your rights

According to the GDPR and/or UK GDPR, you have the following rights: 

  • Access. You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, information related to the processing of data and a copy of the data being processed.
  • Rectification. You have the right to require rectification of inaccurate or incomplete data about you.
  • Right to be forgotten. To obtain the deletion of your personal data under certain specified circumstances.
  • Restrict processing. You have the right to restrict processing of data under certain specified circumstances.
  • Object to processing. You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data. 

Please note that all these rights are not absolute and will be assessed on a case-by-case basis by our DPO.  

If you would like to exercise your rights, please let us know by contacting our DPO (see contact details below).

You have also the right to lodge a complaint if you consider that your personal data is not processed in accordance with the GDPR and/or the UK GDPR.

If you are an EEA resident: You have the right to lodge a complaint with the Supervisory Authority in the Member State of the European Union of your habitual residence, place of work or place of the alleged infringement. 

If you are a UK resident: you may file a complaint with the Information Commissioner’s Office ("ICO"), the Supervisory Authority of UK.

Please find the contact information of all Authorities in section 6 "Contacts".

5. Changes to this Privacy Notice

This Notice is effective as of the date stated at the top of this page. We may change this Notice from time to time. Please refer to this Notice on a regular basis.

6. Contacts

GXP Engaged (Controller)
Brunhildenstr. 25
80639 München

Data Protection Officer

Contact details for EU Data Protection Authorities

For UK Supervisory Authority (“ICO”)
Tel: +55 (0)3 03 12 31 11 3

Loading this resource will connect to external servers which use cookies and other tracking technologies to personalize and improve experience. Further information can be found in our privacy policy.

Allow external media