Legal and compliance

GDPR Notice

Last updated: 20 April 2026

This GDPR Notice explains how KPILoop.com — Tech and Administration Services processes personal data of individuals in the European Economic Area, the United Kingdom, and Switzerland when the General Data Protection Regulation or related local legislation applies.

This document complements our comprehensive Privacy Policy, which provides additional details on data practices.

1. Controller identity and contact details

KPILoop.com — Tech and Administration Services is established at RURI2795 Riyadh, Al Remal, Kingdom of Saudi Arabia. For GDPR matters, contact us at privacy@kpiloop.com.

2. Our Legal Basis for Processing Personal Data

We process personal data under the following legal bases:

  • Performance of a contract: When you sign up for KPILoop, we process data necessary to deliver our services, including account management, role-based dashboard provisioning, and billing.
  • Legitimate interests: We process data to improve our platform, secure accounts, prevent fraud, and communicate with customers about service updates. We balance these interests with your rights and freedoms.
  • Legal obligation: We may process data to comply with legal requirements, such as tax laws or binding requests from law enforcement.
  • Consent: In specific situations, we may ask for your consent to process your data for certain purposes, such as optional marketing newsletters. You may withdraw consent at any time.

3. Your Rights Under GDPR

Under GDPR, you have the right to:

  • Access your personal data.
  • Rectify any inaccurate personal data.
  • Erase your personal data ('right to be forgotten').
  • Restrict the processing of your data.
  • Port your data in a structured, commonly used format.
  • Object to the processing of your data, especially for direct marketing.

To exercise these rights, please submit a request to privacy@kpiloop.com. We will verify your identity and respond within the timeframes mandated by the regulation.

4. International Data Transfers

KPILoop operates on a global infrastructure, and your personal data may be transferred to and processed in countries outside of the EEA. We ensure such transfers are conducted in compliance with GDPR using mechanisms such as:

  • Adequacy decisions from the European Commission.
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Other appropriate safeguards as applicable.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to meet our contractual and legal obligations, and to resolve disputes. Retention periods vary depending on the type of data and its purpose.

6. Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, loss, or destruction. These include encryption, role-based access controls, and regular security audits.

7. Data Protection Officer and Contact

For inquiries related to GDPR or our privacy practices, please contact our Data Protection Officer at privacy@kpiloop.com. We take privacy concerns seriously and are committed to investigating and resolving all complaints.

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory data protection authority in your country.

Related pages: Terms of Service, Privacy Policy, and Contact.

    Cookies and your privacy

    We use strictly necessary cookies to run KPILoop. With your permission, we also use cookies for analytics, marketing, and optional AI features. You can change your choices at any time.

    Cookie PolicyPrivacy Policy