GDPR Compliance Statement

1. Introduction

2. Data Protection Principles

3. Legal Basis for Processing

• Consent of the data subject
• Performance of a contract
• Compliance with legal obligations
• Protection of vital interests
• Legitimate interests pursued by us or a third party

4. Your Rights

• Right to be informed about how your data is used
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ('right to be forgotten')
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision making

5. Data Security

• Encryption of personal data
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Secure data backup procedures
• Regular security testing and monitoring

6. International Transfers

When transferring personal data outside the EEA, we ensure adequate protection through:

• Standard contractual clauses
• Adequacy decisions
• Binding corporate rules
• Appropriate safeguards

7. Data Breach Procedures

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Document all breaches and remedial actions
• Review and update security measures

8. Data Protection Officer

Our Data Protection Officer (DPO) oversees our data protection strategy and implementation to ensure compliance with GDPR requirements.

The DPO's responsibilities include:

• Monitoring GDPR compliance
• Advising on data protection obligations
• Providing staff training
• Conducting internal audits
• Acting as a contact point for supervisory authorities

9. Compliance Procedures

• Regular data protection impact assessments
• Maintenance of records of processing activities
• Staff training and awareness programs
• Regular policy reviews and updates
• Vendor assessment and management
• Internal audits and compliance checks