EEA/SWISS/UK Privacy Notice Addendum
Last updated December 1, 2025
This EEA/SWISS/UK Privacy Notice Addendum Privacy Notice Addendum (“Addendum”) supplements the information contained in our Main Privacy Notice. It is intended to inform individuals who are resident in the European Union ("EU"), the European Economic Area ("EEA"), Switzerland. and the United Kingdom ("UK") (together, "Europe") about how your information, including Personal Data (as defined below), will be processed by Rethynx (including, "we", "us", "our", and "Rethynx LLC"), its affiliates, and/or on its behalf by its third party service providers.
If you have any questions about the information provided in this Addendum or our privacy practices, please contact us outlined under Contact Us below.
If you have any questions about how we use your Personal Data or to exercise your data protection rights (as set out in this Addendum), please contact us as outlined under Contact Us below or complete our Request Submission Form.
Overview
We are required to give you the information in this Addendum, including to inform you about your data protection rights, under the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”); and the EU GDPR as amended and incorporated into the UK's European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (together, "European Data Protection Laws"). We are committed to protecting your privacy. You should read this Addendum fully to understand the basis upon which we process your Personal Data, how we use it and to whom it will be disclosed.
All capitalised terms have the same meaning given to them in the Privacy Notice or this Addendum. In the event of a conflict between this Addendum and the Privacy Statement, this Privacy Notice will prevail to the extent that you are resident in Europe.
SUMMARY OF KEY POINTS
Data Subjects
Who is Responsible for Your Personal Data?
What is Personal Data?
How and Why Do We Use Your Personal Data?
We will process your Personal Data when::
-
you access or use our Sites;
-
you, or the organisation with which you are connected, are a potential client of our Services; or
-
you have engaged with, or subscribed to, our newsletters or other marketing communications or initiatives.
As joint controllers, Rethynx LLC and/or its affiliates have an arrangement in place to protect your data privacy and data protection rights. In some instances, we may be independent controllers of your Personal Data under European Data Protection Laws.
For European residents, the term “Personal Data” means any information relating to an identified or identifiable natural person. It can include information about you that can identify you, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors.
Personal Data processed about you will vary according to our interactions and relationship with you, including Services we offer (and the nature of our engagements). The table below explains our processing activities, one or more of which may be apply to you. Note: The Personal Data listed is non-exhaustive.
Personal Data Types
Legal
Basis
Data
Source
Processing Purpose
Recipients
First and last name, email address, mailing address or phone number, and current employer and role/job title (“Contact Information”).
Contact Information.
Contact Information and information confirming your identity and status within a company, (e.g., director / beneficial owner), your responsibilities, PPSN, identify verification documents, tax information, and/or other information you provide to us.
Contact Information and details about your contact preferences (e.g., areas of interest) and information relating to your subscription to, receipt of or interest in any of our mailing lists, blogs, or newsletters, or registration to access any of our restricted content.
Automatically collected information from your activity on our Sites such as browser information, IP address, and browser type.
Contact Information or other Personal Data.
Contact Information or other Personal Data.
Contact Information or other Personal Data
Our legitimate interests to engage you as prospective client.
Our legitimate interests, in providing, maintaining and/or improving our Services.
Our legitimate interest to operate our business, for relationship management purposes and to provide Services.
Our legitimate interests in relation to events, market updates & insights, and newsletters.
Our legitimate interests in relation to improve our Sites and personalise your visit to our Sites.
Our legitimate interests in relation any actual or potential litigation, disputes, or complaints.
To comply with legal obligations to which we are subject under European laws.
Our legitimate interests in the event we go through a business transition, such as a merger, or the acquisition or sale of all or a portion of its assets.
Directly or indirectly from you, prospective clients, or their agents.
Directly or indirectly from you, prospective clients, or their agents.
Directly from you.
Directly or indirectly from our clients or their agents collected while providing services and in connection with pre- engagement activities.
Directly or indirectly from you, including through your engagement with advertisements on platforms such as LinkedIn.
Indirectly from you through our sites, cookies, and other tracking technologies.
Directly or indirectly from you.
Directly or indirectly from our clients or their agents.
Indirectly from you through our sites, cookies, and other tracking technologies.
Directly or indirectly from you.
Directly or indirectly from our clients or their agents.
Directly or indirectly from you.
Directly or indirectly from our clients or their agents.
Directly or indirectly from you.
Directly or indirectly from our clients or their agents.
-
To respond and manage any communications you send to us as a prospective client (e.g., when you email us or contact us via the Site).
-
To record your details in our systems as a prospective client.
-
To respond to individual or client requests.
-
To provide, improve or maintain our Services.
-
To send administrative information or notices.
-
To communicate in connection with a client or potential client engagement.
-
To keep records associated with our Services (including, associated communications, records, etc.).
-
To prevent, detect and respond to actual or potential fraudulent or other activities.
-
To initiate, onboard and fulfil a contract for Services.
-
To order to perform Services.
-
To perform pre-engagement activities.
-
To conduct client due diligence, background checks, KYC checks and background checks (where required by professional standards, law, or regulation).
-
To comply with our professional standards, legal and regulatory obligations.
-
To manage and administer our business relationship with you.
-
To keep records associated with our Services (including, associated communications, records, etc.).
-
To enforce our rights arising from any contract, including billing and collections.
-
To invite you to meetings, events, webinars, conferences, seminars, online surveys, or self-assessment tools.
-
To promote our Services.
-
To develop and maintain our relationship with you and/or your organisation.
-
To engage with you by sending you our newsletters, industry, market updates & insights, when you have engaged with us, or you are a client representative.
-
To assess your participation in, reception of, interest in, or engagement with our marketing activities, materials we send you and our events (e.g., newsletter, surveys, conferences).
To personalize content on our Sites.
To track activity on and technical performance of our Sites.
To evaluate our marketing efforts; to improve our Sites.
To establish, defend or exercise our legal rights and any legal proceedings or out-of-court proceedings which may arise.
To respond and manage any valid legal or data subject rights requests you and any steps relating to same.
To manage a relevant business transition, acquisition or sale of all or a portion of our assets.
Service providers, including marketing services; our affiliates.
Service providers, including marketing services; our affiliates.
Service providers, our affiliates.
Service providers of marketing, social media, audio/visual or related services.
Service providers for providing internet services.
Service providers for marketing services (e.g., Site visitor insight solutions).
Service providers; our affiliates.
Service providers; our affiliates.
Service providers; our affiliates; interested parties in transaction
Note: When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You have certain rights when we process your Personal Data on this basis. For more information on exercising your data protection rights please see the Applicable Rights Table of our Main Privacy Notice.
Data Retention
Unsubscribe and Opt-out
Automated Decision-making
International Data Transfers
We will retain process your Personal Data for as long as is needed or as permitted based on the purpose(s) for which it was obtained and in accordance with applicable law. The criteria used to determine our retention periods include:
-
the nature and length of our ongoing relationship with you and provide you/your organisation Services;
-
whether there is a legal obligation under applicable laws or a requirement under professional standards to which we are subject; and
-
whether retention is advisable considering our legal position (such as with respect to statutes of limitations, litigation, or regulatory investigations).
If you would like to find out more about our retention of your Personal Data, please contact us as outlined in the Contact Us section below or by completing our Request Submission Form.
If you wish to opt out of receiving marketing emails, newsletters or other such communications, you may do so at any time by clicking on the unsubscribe link provided in our communications, contacting us as described under Contact Us below, or completing our Request Submission Form.
We do not use profiling or make any decisions based solely on the automated processing of your Personal Data.
To support our worldwide operations, some of our services and websites are provided from the United States and other countries.
If you live in Europe, your personal data may be shared, sent, or stored outside Europe – mainly with our related companies and trusted service providers in places like the United States, India, or other countries we select as needed.
Data protection laws in these countries may offer a different level of protection than under European Data Protection Laws.
When we transfer your Personal Data to other countries, we use appropriate transfer mechanisms and added protections to help keep it secure, as described in this Addendum and our Privacy Notice:
-
For transfers (including, onward transfers) of Personal Data within Rethynx to affiliates in the United States, we rely we rely on the EU Standard Contractual Clauses ("SCCs"), the UK Addendum to the EU SCCs (e.g., India, etc.) or adequacy decisions of the European Commission (e.g., Canada, etc.).
-
For transfers (including, onward transfers) of your Personal Data within the Rethynx to affiliates based in other, non-European countries, we rely on the EU Standard Contractual Clauses ("SCCs"), the UK Addendum to the EU SCCs (e.g., India, etc.) or adequacy decisions of the European Commission (e.g., Canada).
-
For transfers (including, onward transfers) of Personal Data to external providers, we rely on the EU SCCs, UK Addendum, or adequacy decisions of the European Commission.
If you would like to find out more about any transfers relating to your Personal Data, please contact us by contacting us as outlined under Contact Us below, or completing our Request Submission Form.
Your Rights and Choices
-
Global Data Subject Rights. Laws around the world give individuals certain rights involving our data processing practices. We’ve listed those rights, along with brief explanations, in the Applicable Rights Table below. We comply with the laws that apply to your location. Even if your country or region is not specifically mentioned, simply contact us—we will handle your request in accordance with applicable law. We may need to verify your identity before responding, so we might ask for additional information to confirm who you are and that the request is genuine. To submit a request or ask questions, please complete our Request Submission Form or use one of the contact methods listed under Contact Us below. Please note that these rights are not absolute—they may be limited or denied in certain cases (e.g., to protect other people’s rights, trade secrets, or our legal obligations of confidentiality) as outlined below in Legitimate Interest or Legal Obligation Exceptions. When providing copies of your information, we may redact or share only excerpts to protect privacy or confidential information.
-
Exceptions. Please bear in mind that your rights are not absolute. We may deny your deletion request if any of the Legitimate Interest Exceptions or Legal Obligation Exceptions (together, "Exceptions") described below require that we retain the information for us or our service providers to:
Applicable Rights Table
Categories
Rights
Access (to know or be informed).
Correction (rectification).
Erasure (deletion).
Restrict (block/object) Processing.
Restrict the Sale or Sharing.
Data Portability.
Automated Decision-making and Profiling.
Withdraw Consent.
Lodge a complaint with the Supervisory Authority.
Shine the Light Request.
Non-discrimination.
Appeal the denial of a DSR.
If you ask us, we will confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
If the personal information we hold about you is inaccurate or incomplete, you may request to have it corrected. If you are entitled to have the information corrected and if we have shared your personal information with others, we will inform them about the rectification where possible. If you ask us, we will also tell you, where possible and lawful to do so, with whom we have shared your personal information so that you can contact them directly.
You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal information with others, we will let them know about the erasure where possible. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information with so that you can contact them directly.
You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information so that you can contact them directly.
N/A
You have the right, in certain circumstances, to receive a copy of personal information we've obtained from you in a structured, commonly used and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
You have the right not to be subject to a decision when it's based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. However, this does not affect the lawfulness of the processing before consent was withdrawn.
If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you can report it to the relevant supervisory authority.
N/A
You have the right to not be discriminated against for exercising your privacy rights.
You have the right to appeal our denial of your request to exercise your rights under the applicable privacy law. If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. Access a list of local data protection authorities in EEA countries.
Exercising Your Rights
Who may make a request. Residents of the regions identified in Applicable Rights Table above or those authorized to act on their behalf may make a verifiable DSR related to their personal information. For example, an authorized representative can be a parent making a request on behalf of their child.
How you may make a request. You or your representative have the right to exercise any of the rights applicable to you by reaching out to us using the methods indicated at the bottom of this page. Please note that these rights may be subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will carry out your request (and, when applicable, direct our service providers to do so as well), unless an exception applies. However, selecting this option may prevent you from receiving Services, receiving program or similar updates, or accessing certain Site features.
Note: Residents of the US states identified above or those duly authorized to act on their behalf may request that we not sell their personal information by clicking the “Do Not Sell My Personal Information” button below. California residents may also request that we limit our use of their sensitive personal information via our Request Submission Form. However, selecting these options may prevent you from receiving Services, receiving program or similar updates, or accessing certain Site features.
Response Timing and Format. We endeavor to respond to a verifiable consumer request within:
-
30 days for individuals located in EEA, Quebec, Switzerland, or UK. Any disclosures we provide will cover appropriate time frames under applicable regulatory requirements.
If we require more time to respond to a DSR, we will inform you of the reason and extension period in writing before the required response time. If you have an account with us, we will deliver our written response to the registered email associated with the account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response also we provide will explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
DSAR Fees
We do not charge individuals located in EEA, Quebec, Switzerland, or UK a fee to process or respond to verifiable DSR unless it is excessive or manifestly unfounded to warrant a “reasonable fee” to cover our administrative costs of complying with the request
If we determine that a DSR warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the DSR.
Verified DSR. We cannot respond to DSRs or provide related personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable DSR does not require you to create an account with us. We will only use personal information provided in a verifiable DSR to verify the requestor’s identity or authority to make the request.
Non-Discrimination. We will not discriminate against any individual for exercising any of their respective DSR rights. Unless permitted by law, we will not deny you the use of our Services or provide you with a different level or quality of Services.
Appeals. Where applicable law applies, you may appeal the denial of their DSR by contacting us as detailed below.
Addendum Changes
We may update this Privacy Notice from time to time as our Services and practices change, or as required by law. The effective date of our Privacy Notice is posted above, and we encourage you to visit our Sites periodically to stay informed about our privacy practices. We will post the updated version of the Privacy Notice on our Sites and ask for your consent to the changes where legally required. By continuing to use any of our Sites, you acknowledge the terms of this Privacy Notice as of the effective date will apply to information, including personal information, previously collected, or collected in the future as permitted by applicable law.
Contact Us
If you have questions or comments regarding this Privacy Notice, please use our Contact Us form or email us at info@rethynx.com: ATTN: Data Protection Officer.
To exercise the rights described above, please submit a verifiable request to us by either:
-
Using our web form: Request Submission Form
-
Using our Contact Us
Contact Us
If you have questions or comments regarding this Privacy Notice, please use our Contact Us form or email us at info@rethynx.com: ATTN: Data Protection Officer.
To exercise the rights described above, please submit a verifiable request to us by either:
-
Using our web form: Request Submission Form
-
Using our Contact Us