Updated On: 05 October 2025

Professionalize and the GDPR

The General Data Protection Regulation (GDPR), enforced by the European Union since 25^th May 2018, sets strict standards for processing personal data of individuals in the European Economic Area (EEA).

Although Cloudize Pty Ltd, the operator of Professionalize.com, is an Australian-based company, we uphold the privacy rights and data protection standards of all users worldwide, including those within the EEA, the UK, and Switzerland.

This notice explains our role under the GDPR, how we manage international data transfers, and the steps we’ve implemented to protect user privacy across our AI agents, hosted platforms, and associated services.

Professionalize as the Data Processor

When you use our products—such as Professionalize AI Agents, APIs, or hosted platforms—you may upload, store, or transmit personal data belonging to your clients, customers, or employees (“Client Data”).

In these circumstances, you act as the Data Controller, and Cloudize Pty Ltd acts as your Data Processor, processing personal data strictly in accordance with your documented instructions and only for the purposes of delivering our contracted services.

Article 28 of the GDPR requires a written data processing agreement. Our Terms of Use and Privacy Policy together constitute this Data Processing Agreement (DPA) between you (Controller) and Cloudize (Processor).

As a processor, Professionalize:

• Processes Client Data only as instructed by you.
• Implements technical and organizational safeguards appropriate to the risk.
• Assists you in fulfilling GDPR obligations (e.g., subject rights, breach notification).
• Ensures sub-processors are bound by equivalent data protection commitments.

For clarity, Cloudize does not access, use, or train AI models on your Client Data unless you explicitly consent or enable this functionality in product settings.

Professionalize as the Data Controller

Cloudize also acts as a Data Controller when processing personal data about:

• Users who visit our websites or use our web applications.
• Customers who purchase subscriptions or interact with our support or sales teams.
• Job applicants, contractors, and partners.

As a controller, we process data under the following legal bases:

• Contractual necessity (GDPR Article 6(1)(b)) — to provide and maintain our services.
• Legal obligations (Article 6(1)(c)) — for financial, tax, and compliance requirements.
• Legitimate interests (Article 6(1)(f)) — to improve services, maintain security, and perform responsible marketing in ways that do not override user rights.

Our Legitimate Interests Explained

• Enhancing and personalizing the performance of our AI agents and services.
• Protecting platform security and preventing misuse or fraud.
• Conducting aggregated analytics to improve customer experience.
• Communicating relevant product updates, offers, or educational content.
• Fulfilling existing contracts efficiently and responsibly.

If you wish to object to processing based on legitimate interests, contact our Data Protection Officer at dpo@professionalize.com.

Data Transfers

Cloudize operates primarily from Australia, with some infrastructure and sub-processors located in other regions, including the United States.

When personal data is transferred outside the EEA, UK, or Switzerland, we ensure it receives an equivalent level of protection through one or more of the following mechanisms:

• Execution of Standard Contractual Clauses (SCCs) approved by the European Commission.
• Transfers to entities covered by an adequacy decision (e.g., the EU–US Data Privacy Framework).
• Implementing additional safeguards such as encryption, pseudonymization, and data minimization.

We maintain an updated list of all authorized sub-processors within our Terms of Use.
You can also request details about our data transfer mechanisms at privacy@professionalize.com.

Security and Internal Governance

Cloudize maintains a comprehensive data protection program built around the GDPR’s core principles of lawfulness, fairness, transparency, purpose limitation, and accountability.

Our security practices include:

• Encryption of data in transit and at rest.
• Role-based access controls and activity monitoring.
• Secure data deletion and retention management.
• Privacy-by-design principles embedded into all AI agent and platform development.
• Formal incident response and breach notification procedures.

We audit our systems and sub-processors regularly to ensure compliance with privacy standards.

Data Subject Rights

Under the GDPR, individuals have rights to:

• Access their personal data.
• Request correction or deletion.
• Restrict or object to processing.
• Request data portability.

Professionalize has procedures in place to help our customers and their users exercise these rights promptly.
Requests can be submitted via our Data Protection Officer at dpo@professionalize.com.

Documentation and Transparency

We regularly review and update our Terms of Use and Privacy Policy to ensure transparency and compliance with evolving legal requirements.

These documents describe in plain language:

• What data we collect and why.
• How long we keep it.
• The rights of individuals and our commitments to data protection.

Training and Awareness

All Cloudize personnel receive regular privacy and security training focused on handling personal data responsibly, identifying risks, and reporting incidents quickly.

GDPR principles are built into our onboarding and ongoing compliance programs, ensuring that data protection remains central to our business culture.

Contact Information

For any questions, data access requests, or privacy concerns, please contact our Data Protection Officer (DPO):

Email: dpo@professionalize.com
Privacy Team: privacy@professionalize.com
Legal Inquiries: legal@professionalize.com

Mailing Address: Cloudize Pty Ltd, Suite 163, 79 Longueville Road, Lane Cove, NSW, 2066, Australia.

We are committed to maintaining GDPR-level protection globally, not only within Europe.