Operating within the highest regulatory standards.

Fortiax operates in full compliance with the General Data Protection Regulation (EU) 2016/679. Our processing activities are documented in a comprehensive Record of Processing Activities (RoPA), and we conduct Data Protection Impact Assessments (DPIAs) for all high-risk processing operations. A qualified Data Protection Officer oversees all compliance activities.

As a provider of digital security services, Fortiax operates in accordance with Directive (EU) 2022/2555 (NIS2) and the EU Cybersecurity Act (Regulation (EU) 2019/881). We maintain certified incident response protocols, apply security-by-design principles across all systems, and participate in relevant sector-specific information sharing arrangements.

Fortiax is incorporated and headquartered within the European Union and holds the required registrations and authorisations to operate across all EU member states. Our services extend to clients in Switzerland, the United Kingdom, and select jurisdictions in the Gulf Cooperation Council, where we maintain compliance with local data protection and financial services regulations.

Fortiax is subject to the oversight of the relevant national data protection authority in its jurisdiction of incorporation. Clients have the right to lodge complaints directly with their national supervisory authority. In Belgium, this is the Gegevensbeschermingsautoriteit (GBA). In the Netherlands, the Autoriteit Persoonsgegevens (AP). In France, the Commission Nationale de l'Informatique et des Libertés (CNIL). In Germany, the relevant state-level Landesbeauftragter.

Regulatory bodies, law enforcement agencies, and legal representatives may direct formal requests to our Legal & Compliance team at legal@fortiax.com. All requests are processed in accordance with applicable law and our established legal process protocols. We do not respond to informal requests for client data under any circumstances.