We are committed to complying with the General Data Protection Regulation (GDPR) in relation to all personal data we collect from individuals within the European Union (EU). Here’s how we ensure GDPR compliance:
Legal Basis for Processing Personal Data
We will only process your personal data if we have a legal basis to do so under the GDPR. These legal bases include:
- Consent: Where you have given us explicit consent to process your personal data for specific purposes.
- Contractual Necessity: Where the processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
- Legal Obligation: Where the processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests: Where the processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
Rights of Data Subjects
Under the GDPR, individuals have certain rights regarding their personal data. These rights include:
- Right to Access: You have the right to request access to your personal data and obtain information about how we process it.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
- Right to Erasure: In certain circumstances, you have the right to request the deletion of your personal data.
- Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain conditions.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- Right to Object: You have the right to object to the processing of your personal data under certain circumstances.
Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with the GDPR. You can contact our DPO at [firstname.lastname@example.org].
If we transfer your personal data outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses or adequacy decisions.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals without undue delay, as required by the GDPR.
Privacy by Design and Default
We apply the principles of privacy by design and by default so that the necessary data protection safeguards are built into our processing activities from the outset.
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements.