GDPR Compliance

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas.

The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It enhances individuals' control and rights over their personal information and addresses the transfer of personal data outside the EU and EEA areas.

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so. These bases include:

• Consent: When you have given clear consent for us to process your personal data for a specific purpose.
• Contract: When processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.
• Legal Obligation: When processing is necessary for us to comply with the law.
• Legitimate Interests: When processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner.
• Purpose limitation: We collect data for specified, explicit, and legitimate purposes.
• Data minimization: We ensure that personal data is adequate, relevant, and limited to what is necessary.
• Accuracy: We keep personal data accurate and up to date.
• Storage limitation: We retain personal data only for as long as necessary.
• Integrity and confidentiality: We process personal data in a manner that ensures appropriate security.
• Accountability: We take responsibility for how we process personal data and demonstrate compliance.

Under the GDPR, you have the following rights:

To exercise any of these rights, please contact our Data Protection Officer at [email protected].

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
• Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
• Regular security assessments and penetration testing
• Staff training on data protection and security