The European Union’s General Data Protection Regulation (GDPR) is a data protection and privacy regulation which addresses the transfer of personal data both within and outside the EU and EEA areas. The objective of the GDPR is to enhance an individual’s control and rights over their personal data. RD&X is committed to comply with the laws of the geographies of its operation.

RD&X processes all personal data on a lawful basis and solely within the bounds permitted by Article 6(1)(f) of the GDPR. Accordingly, all of RD&X’s operating guidelines and standard processes are aligned with the requirements of the GDPR and are designed around the rights of the data subjects, thereby empowering data subjects to exercise control on how their information is processed.

This page provides an overview of the privacy framework implemented by RD&X to explain how RD&X conforms to the GDPR.

What is GDPR?

The General Data Protection Regulation (EU) 2016/679, popularly known by its abbreviation “GDPR”, is a European Union privacy law regulating aspects of data protection. The GDPR applies to data which is processed both within and outside the European Union. Under the GDPR, the data controller and the data processor are subject to certain legal obligations in respect of storage and use of personal data, and the data subjects enjoy certain rights in respect of how their data is treated by the data controller and the data processor.

Is the GDPR applicable to RD&X?

Yes. In the course of our operations, we may process personal information of EU residents and are therefore required to comply with the GDPR in respect of such users. However, we have voluntarily decided to meet the requirements of the GDPR in respect of each of our users, irrespective of their domicile, in order to apply global best practices as a standard measure of our operations.

Is RD&X permitted by the GDPR to process personal data?

Yes. The GDPR requires that in order to process personal data, there has to be at least one legal basis. Under Article 6(1)(f) of the GDPR, we are permitted to process personal data for the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject.

How does RD&X implement compliance with the GDPR?

We have designed a triad of agreements, policies, and procedures to comply with the GDPR.

As a business partner, how do I work with RD&X in compliance with the GDPR?

We love working with partners who are as compliance-oriented as we are. At the outset of a relationship, we encourage the identification of the roles (as a data controller, a data processor, or both) that each of us needs to observe. Based on this assessment, we enter into relevant contracts which clearly establish the commitments by each of us to comply with the GDPR.

Can we know more about RD&X’s approach to data privacy?

Certainly! We have designated a data protection officer, who is mandated to enact our commitments to data protection. You could reach out to our data protection officer on legal@rebid.co with any questions, comments or feedback that you may like to share.

What measures does Rebid implement to comply with GDPR?

Controller Classification

Recognized as a Processor (where applicable) by the classifications of GDPR, ReBid cooperates with its respective partners in order to determine the way data is handled under the agreed terms.

Data Security

We have assigned Data Protection Officer (DPO). You may reach him via legal@rebid.co Our DPO is tasked with ensuring that ReBid acknowledges and abides its data protection responsibilities.

Global Implementation

Whereas GDPR regulations are merely applied to data gathered from European Union residents, we have taken a decision to meet the GDPR requirements globally for every user in every country

Personal Information

ReBid will gather and not store any Personal information. Personal information will be pseudonymized and encrypted to ensure the user’s privacy. The collected information will be handled for standard cases of advertising use: campaign targeting; campaign operations; brand measurement; performance attribution and optimization on the Rebid Platform.

Data Subject Rights

We have provided instructions in the policy manual for the users to access their personal information collected by ReBid; discontinue the future data gathering by Rebid; delete personal information collected by Rebid; opt for not passing that personal information by Rebid; opt for not processing that personal data by Rebid.


ReBid will manage a list of all sub-processors on a dedicated website page, available to those who have the password.

What should I expect from GDPR when working with ReBid?

Based on how you deal with ReBid, there are various steps related to GDPR. It’s advised that agents and subcontractors study our privacy policy along with other policies and look through our interpretation of GDPR. In addition, please acknowledge the below basis of our cooperation.

Data Processing Agreement

DSAR Procedure


Privacy Addendum

Information Security Policy

Data Backup Policy

Data Classification Policy

Data Retention Policy

Privacy Policy

Cookie Policy

In what way data subjects in the EU can request ReBid to delete their data?

The same way as with requests for data information, data subjects will be provided with instructions posted on the rebid.co website as to the rights and the ways of exercising these rights. The rights imply that they can make the below queries, which will be observed within a 30-day period from the initial request:


The possibility to remove personal information of such a user from the storage of ReBid in order to maintain his/her privacy rights.

Don’t Store

A way to specify that personal information of such a user will not be kept in the ReBid storage in order to maintain his/her privacy rights.

Don’t Process

A way to specify that personal information of such a user will not be processed by ReBid in order to maintain his/her privacy rights.

ReBid - GDPR - GDPR compliant GDPR Copy 9 1 150x64 1 - Rebid.co
ReBid - GDPR - image 4 - Rebid.co
ReBid - GDPR - image 5 - Rebid.co
ReBid - GDPR - image 6 - Rebid.co
ReBid - GDPR - SO2 1 e1548894778546 - Rebid.co