Here are some of the ways we comply with the GDPR:
Lawful Basis: We only process personal data where we have a lawful basis to do so. This includes obtaining consent where necessary, fulfilling our contractual obligations, and complying with our legal obligations.
Data Subject Rights: We respect the rights of individuals to access, rectify, delete, and restrict the processing of their personal data. We also provide individuals with the ability to object to the processing of their personal data, and to receive a copy of their personal data in a machine-readable format.
Data Protection Impact Assessments: We conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate any potential privacy risks associated with our data processing activities.
Data Protection Officer: We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices and ensuring compliance with the GDPR.
Security: We implement appropriate technical and organizational measures to ensure the security of personal data against unauthorized or unlawful processing, and against accidental loss, destruction, or damage.
Data Processing Agreements: We enter into Data Processing Agreements (DPAs) with any third-party service providers who process personal data on our behalf, to ensure that they also comply with the GDPR.
Right to be forgotten
In the European Union, GDPR gives you the right to be forgotten, officially known as the right to erasure. It’s not as intense as it sounds – it just means you can ask companies to delete any information they store about you.
So if you want to be forgotten or erased, you just have to ask! We’ll delete all the information we keep about you, with the exception of anything required to comply with the law. One example of this is invoices – these have to be kept for at least four years by law.
We’ve made it easier for you to delete your account, and all the information connected with it.
Once you confirm that you want to delete your account, we’ll remove/anonymize all the information we have about you. We’ll also delete your information from all our activity logs and data stored in third-party systems. Although the data will be deleted from all ‘live’ systems immediately, please note that the deletion of the information from backup systems can take around 30 days (but the information erased will not be processed nor accessed by anyone).
If you have any questions or concerns about our GDPR compliance or data protection practices, please do not hesitate to contact us.