Applicable legislation
Who we are
Mandate OpEx ("we", "us", "our") operates the website at www.mandateopex.com. We provide operational excellence tools and diagnostics for manufacturing businesses.
For the purposes of UK GDPR and EU GDPR, we are the data controller responsible for your personal data.
Mandate OpEx — hello@mandateopex.com
You can contact us at any time regarding how we handle your personal data.
Data we collect
We collect only what is necessary for the purposes described in this policy. We do not collect sensitive personal data (special category data under GDPR).
| Data type | Source | Purpose |
|---|---|---|
| Full name | Waitlist form | To address you personally when we launch |
| Email address | Waitlist, notify me, help, and suggestion forms | To contact you at launch and respond to your requests |
| Job role / title | Waitlist form | To understand who uses our tools and tailor our communications |
| Company size | Waitlist form | To segment our user base and prioritise tool development |
| Tool interest | Notify me form (coming soon pages) | To notify you when a specific tool becomes available |
| Suggestions / messages | Suggestion and help forms | To improve the product and respond to support requests |
| Usage data | Analytics (where enabled) | Aggregate, anonymised page view data to improve the site |
| Technical data | Server logs | Security, performance monitoring, and fraud prevention |
We do not collect payment card data, government ID numbers, health data, biometric data, or any special category personal data under Article 9 of UK/EU GDPR.
Lawful basis for processing
Under UK GDPR and EU GDPR, we must have a lawful basis to process your personal data. We rely on the following:
| Activity | Lawful basis |
|---|---|
| Waitlist registration and launch notification | Consent (Article 6(1)(a)) — you actively submitted the form |
| Responding to help requests and suggestions | Legitimate interests (Article 6(1)(f)) — to operate and improve the service |
| Tool-specific notify me requests | Consent (Article 6(1)(a)) — you submitted the notify me form |
| Security and fraud prevention | Legitimate interests (Article 6(1)(f)) — to protect the security of the site |
| Compliance with legal obligations | Legal obligation (Article 6(1)(c)) |
Where we rely on consent, you have the right to withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. To withdraw consent, email hello@mandateopex.com.
How we use your data
We use your personal data only for the purposes for which it was collected:
- To notify waitlist members when Mandate OpEx launches
- To notify you when a specific tool you requested becomes available
- To respond to help requests and support queries
- To consider suggestions and improve the product
- To maintain the security and performance of our website
- To comply with applicable legal obligations
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
We do not send unsolicited marketing. Any launch notification email will be directly related to the service you signed up for.
To stop receiving emails from us at any time, email hello@mandateopex.com with the subject line "Unsubscribe" and your email address. We will remove you within 5 business days and confirm by reply.
How long we keep your data
| Data | Retention period |
|---|---|
| Waitlist registrations | Until product launch, then converted to user accounts or deleted within 30 days of launch |
| Notify me requests | Until the relevant tool launches, then deleted within 30 days |
| Help requests | 12 months from date of submission, unless ongoing |
| Suggestions | 24 months from submission, to inform product roadmap |
| Server / security logs | 90 days |
You may request deletion of your data at any time regardless of the above retention periods. See Section 8 for your rights.
Third parties and data sharing
We do not sell your personal data. We do not share it with third parties for their own marketing purposes.
We use the following third-party service providers (data processors) who process data on our behalf under written agreements:
| Provider | Purpose | Location | Policy |
|---|---|---|---|
| Airtable | Form data storage (waitlist, suggestions, help, notifications) | USA (SCCs applied) | airtable.com/privacy |
| Vercel | Website hosting and deployment | USA / global edge (SCCs applied) | vercel.com/legal/privacy-policy |
| Cloudflare | CDN, DNS, security, email routing | USA / global edge (SCCs applied) | cloudflare.com/privacypolicy |
| Anthropic | AI-generated recommendations (calculator feature) | USA (SCCs applied) | anthropic.com/privacy |
We may disclose personal data to law enforcement or regulatory authorities where required by law, or to protect the rights, property, or safety of Mandate OpEx, our users, or the public.
International data transfers
Some of our third-party service providers are based outside the UK and European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) — approved by the European Commission and the UK ICO (International Data Transfer Agreements, IDTAs) are in place with all relevant processors
- Adequacy decisions — where transfers are to countries with an adequacy decision from the UK or EU
You may request details of the safeguards in place for any specific transfer by contacting hello@mandateopex.com.
Your rights
Under UK GDPR and EU GDPR you have the following rights. We will respond to all requests within 30 days.
Right of access
Request a copy of the personal data we hold about you (Subject Access Request).
Right to rectification
Ask us to correct inaccurate or incomplete personal data.
Right to erasure
Ask us to delete your personal data. We will action this promptly.
Right to restrict processing
Ask us to pause processing your data in certain circumstances.
Right to data portability
Receive your data in a structured, machine-readable format.
Right to object
Object to processing based on legitimate interests at any time.
Right to withdraw consent
Withdraw consent at any time without affecting prior processing.
Rights re: automated decisions
We do not carry out automated decision-making with significant effects.
Email hello@mandateopex.com with your request. We do not charge a fee and will respond within 30 days. In complex cases we may extend this by a further two months, notifying you within the first 30 days.
Right to complain
If you are based in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
If you are based in the EU, you may complain to the supervisory authority in your member state. A list of EU supervisory authorities is available at edpb.europa.eu.
We would appreciate the opportunity to address your concerns before you contact a regulator. Please contact us first at hello@mandateopex.com.
Children's privacy
Mandate OpEx is a professional tool directed at business users. It is not intended for use by children under the age of 16 (or under 13 where COPPA applies in the United States).
We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact hello@mandateopex.com and we will delete it promptly.
Changes to this policy
We may update this privacy policy from time to time. We will notify you of material changes by:
- Updating the "Last updated" date at the top of this page
- Where we hold your email address, sending you notification of significant changes
We encourage you to review this policy periodically. Continued use of the site after changes are posted constitutes acceptance of the updated policy.
Previous versions of this policy are available on request by emailing hello@mandateopex.com.
Contact us
For any questions about this privacy policy, to exercise your data rights, or to raise a concern, contact us:
Mandate OpEx — Data Enquiries
Email: hello@mandateopex.com
We aim to respond to all privacy-related requests within 5 business days, and to fully resolve them within 30 days as required by law.