GDPR statement.
Last updated:
This is the plain-language GDPR statement. The full text is in review by counsel; for the current version and the data processing agreement template, write to privacy@dismanto.com.
Controller and processor model
Sustain360 is the data controller for the marketing site and the data processor for customer tenants on the Sustain360 platform. Customer tenants are data controllers for the personal data they hold inside their tenant — for example, buyer email addresses attached to orders.
Data subject rights
- Access
- Right to confirmation and a copy of your personal data.
- Rectification
- Right to correct inaccurate or incomplete personal data.
- Erasure
- Right to deletion, subject to the regulatory retention periods that apply to ELV and ATF audit trails.
- Restriction
- Right to limit how your personal data is processed.
- Portability
- Right to receive your personal data in a structured, machine-readable format.
- Objection
- Right to object to processing based on legitimate interest.
Sub-processors
A current list of sub-processors is shared with customers under their tenant. Changes are notified in advance so customers can object before adoption. All sub-processors are EU-resident or operate under approved transfer mechanisms.
Processing register
We keep an Article 30 record of processing activities. The register is shared with enterprise customers under NDA on request.
Data processing agreement
Every customer tenancy is governed by a data processing agreement that mirrors GDPR Article 28 obligations. Standard template available on request.
DPO contact
privacy@dismanto.com — direct line to the Data Protection Officer. Responses within the GDPR-mandated window.