GDPR Compliance

Effective Date: 1 January 2026

Last Updated: 1 January 2026

Our Commitment to Data Protection

Mandex is committed to protecting personal information and maintaining strong data privacy and security standards across our platform and operations.

We recognise the importance of responsible data handling for organisations managing worker records, compliance documentation, PPE tracking, and operational safety information.

Our platform is designed with privacy, security, accountability, and transparency in mind.

GDPR Overview

The General Data Protection Regulation (GDPR) is a European data protection law designed to protect the privacy and rights of individuals.

GDPR establishes standards for how organisations collect, process, store, transfer, and protect personal information.

Mandex supports organisations in managing compliance-related information responsibly and securely.

How Mandex Supports GDPR Compliance

Mandex applies privacy and security principles across platform design, infrastructure, and operational processes.

Our approach includes:

  • Data minimisation practices

  • Access controls and permission management

  • Encryption in transit and at rest

  • Audit logging and traceability

  • Secure cloud infrastructure

  • Role-based access permissions

  • Data retention controls

  • Continuous monitoring and security practices

Personal Information We May Process

Depending on how organisations use Mandex, the platform may process:

  • Worker names and identification details

  • Training and certification records

  • PPE assignment records

  • Inspection and compliance records

  • Site attendance information

  • Audit and operational logs

  • User account and login information

Mandex processes this information only for legitimate operational and compliance-related purposes.

Lawful Basis for Processing

Personal information processed within Mandex may be handled under lawful bases including:

  • Legitimate business interests

  • Legal and regulatory obligations

  • Contractual requirements

  • Workplace health and safety obligations

  • Organisational compliance management

Customers are responsible for ensuring they have appropriate authority and lawful basis for data entered into the platform.

Data Security Measures

Protecting operational and compliance data is a core priority.

Security measures may include:

  • Encryption at rest and in transit

  • Secure authentication controls

  • Access management and permissions

  • Audit trails and activity logging

  • Secure cloud hosting infrastructure

  • Regular monitoring and maintenance

  • Backup and recovery processes

While we implement reasonable safeguards, no system can guarantee absolute security.

Access Controls and Permissions

Mandex uses role-based access controls to help organisations manage visibility and permissions across teams.

This allows businesses to:

  • Restrict access to sensitive records

  • Control who can edit or approve data

  • Limit visibility based on operational responsibilities

  • Maintain auditability across workflows

Audit Trails and Traceability

Mandex is designed to maintain traceable compliance records.

This may include:

  • Timestamped activity records

  • Inspection history

  • Equipment lifecycle tracking

  • Worker assignment history

  • Change logging

  • Compliance verification records

These audit records help organisations maintain defensible compliance documentation.

Data Retention

We retain information only for as long as necessary to:

  • Provide the Services

  • Meet legal obligations

  • Maintain compliance records

  • Resolve disputes

  • Support operational requirements

When information is no longer required, we take reasonable steps to securely delete or de-identify it.

International Data Transfers

Depending on infrastructure and integrations, information may be processed or stored outside the country where it was collected.

Where international transfers occur, Mandex takes reasonable steps to apply appropriate safeguards and security protections.

Third-Party Integrations

Mandex may integrate with third-party systems including:

  • ERP platforms

  • HR systems

  • Asset management systems

  • Safety platforms

  • Document storage providers

Customers are responsible for reviewing the privacy and data handling practices of third-party providers connected to their environment.

Individual Rights

Depending on applicable laws, individuals may have rights relating to:

  • Access to personal information

  • Correction of inaccurate information

  • Restriction of processing

  • Objection to certain processing activities

  • Data portability

  • Deletion requests where applicable

Requests relating to personal information should generally be directed through the organisation responsible for the data.

Customer Responsibilities

Organisations using Mandex are responsible for:

  • Ensuring lawful collection and use of personal information

  • Managing internal access permissions

  • Maintaining appropriate workplace and compliance policies

  • Responding to individual privacy requests where required

  • Ensuring data entered into the platform is accurate and lawful

Privacy by Design

Mandex aims to apply privacy considerations throughout product development and operational processes.

This includes:

  • Limiting unnecessary data collection

  • Supporting secure access management

  • Maintaining auditability

  • Designing for operational accountability

  • Applying security controls across workflows

Updates to This Page

We may update this GDPR Compliance page from time to time to reflect:

  • Platform changes

  • Legal or regulatory developments

  • Operational improvements

  • Security updates

Updated versions will be published on this page.

Contact Us

If you have questions about data protection, privacy, or GDPR-related matters, please contact:

Mandex
Email: support@mandex.com
Location: United Kingdom
