GDPR Compliance

Effective Date: July 3, 2025

1. Introduction

Mandaleen AI is committed to compliance with the General Data Protection Regulation (GDPR). This page outlines our approach to GDPR, and explains the rights of individuals and the responsibilities of Mandaleen AI in relation to personal data.

2. Data Controller and Data Processor

When you use our services, you are the Data Controller, as you determine the purposes and means of processing personal data. Mandaleen AI acts as a Data Processor on your behalf, processing data in accordance with your instructions and the terms of our Data Processing Addendum (DPA).

3. Lawful Basis for Processing

We process personal data on several lawful bases, including:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

4. Your Rights Under GDPR

Under GDPR, you have several rights regarding your personal data:

  • The right to be informed: You have the right to be informed about the collection and use of your personal data.
  • The right of access: You have the right to access your personal data.
  • The right to rectification: You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • The right to erasure: You have the right to have personal data erased.
  • The right to restrict processing: You have the right to request the restriction or suppression of your personal data.
  • The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  • The right to object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights in relation to automated decision making and profiling: You have rights in relation to automated decision making and profiling.

5. Data Security

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments. Our DPA provides more detail on our security measures.

6. Data Transfers

We may transfer personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect the data, such as Standard Contractual Clauses (SCCs).

7. Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer at:

  • Email: dpr@mandaleen.com
  • Address: 14 Mecca Street, Amman, Jordan