GDPR Compliance

Security and Compliance with GDPR

GDPR Compliance Overview

  • Introduction to GDPR: The General Data Protection Regulation (Regulation (EU) 2016/679) is the EU's comprehensive data protection law and sets stringent standards for the privacy and security of personal data. It applies to organizations established in the EU and, under Article 3, to organizations anywhere else that process the personal data of individuals in the EU in connection with offering them goods or services or monitoring their behaviour, regardless of where the organization itself is located.

Encryption and Data Protection

  • Encryption as a Data Protection Measure: Our use of RSA and AES encryption is in line with Article 32 of GDPR, which requires appropriate technical and organisational measures for a level of security appropriate to the risk and names encryption of personal data as one such measure. By encrypting data both in transit and at rest, we provide robust protection against unauthorized access and data breaches. Encryption only reduces risk while the data is genuinely unreadable without the key, so key management (which component holds the keys, how they are rotated, and how they are destroyed) is part of the control rather than an afterthought.
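The page names RSA and AES but not how the two fit together. The usual pattern for data at rest is envelope encryption: each record is encrypted under its own random AES-256-GCM data key, and that data key is wrapped with RSA-OAEP, so the RSA private key (normally held in a KMS or HSM) never touches record data and individual records can be re-keyed or destroyed independently. The Go program below is an added example written for this page, not code from the original page or from the system it describes. The record, the context string `record:42`, the 2048-bit in-memory key pair and the function names `Seal`, `Open` and `Demo` are all assumptions chosen for illustration; it uses only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is one personal-data record as stored at rest: AES-256-GCM over the record, RSA-OAEP over its data key.
type Envelope struct {
	WrappedKey []byte // 32-byte AES key encrypted to the RSA public key (OAEP, SHA-256)
	Nonce      []byte // 12-byte GCM nonce, fresh per Seal; never reused with the same key
	Ciphertext []byte // AES-GCM output with the 16-byte authentication tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts record under a fresh random data key and wraps that key with pub. ctx (for
// example a record identifier) is bound in as GCM additional data and as the OAEP label.
func Seal(pub *rsa.PublicKey, record, ctx []byte) (*Envelope, error) {
	dataKey := make([]byte, 32) // AES-256 data key, one per record
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, ctx)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, record, ctx)}, nil
}

// Open unwraps the data key with priv and decrypts the record. A modified ciphertext byte, or a
// ctx different from the one given to Seal, is rejected before any plaintext is returned.
func Open(priv *rsa.PrivateKey, env *Envelope, ctx []byte) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, ctx)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, ctx)
	if err != nil {
		return nil, fmt.Errorf("decrypt record: %w", err)
	}
	return plaintext, nil
}

// Demo seals a constructed sample record, opens it, then checks that a flipped ciphertext bit
// and a wrong context are both rejected. It returns nil when every check passes.
func Demo() error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // assumption: in production a KMS/HSM-held key
	if err != nil {
		return err
	}
	record := []byte(`{"name":"A. Example","email":"a.example@example.test"}`) // constructed sample
	ctx := []byte("record:42")
	env, err := Seal(&priv.PublicKey, record, ctx)
	if err != nil {
		return err
	}
	got, err := Open(priv, env, ctx)
	if err != nil || string(got) != string(record) {
		return fmt.Errorf("round trip failed: %v", err)
	}
	env.Ciphertext[0] ^= 0x01 // one flipped bit in the stored record
	if _, err := Open(priv, env, ctx); err == nil {
		return fmt.Errorf("tampered ciphertext was accepted")
	}
	env.Ciphertext[0] ^= 0x01
	if _, err := Open(priv, env, []byte("record:43")); err == nil {
		return fmt.Errorf("wrong context was accepted")
	}
	return nil
}

func main() {
	fmt.Println("envelope demo error:", Demo()) // prints <nil> when all checks pass
}
```

Two design points worth noting. GCM is authenticated, so the `Open` failures in `Demo` are the expected behaviour, not edge cases: a record that has been modified in storage, or a wrapped key pasted onto a different record, is refused rather than decrypted to garbage. And because a record is recoverable only through its wrapped data key, destroying that key (or the RSA private key protecting it) makes every at-rest copy unreadable, which is a practical way to honour an erasure request for backups that cannot be rewritten in place.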

Consent and Data Processing

  • Informed Consent: Where consent is the lawful basis for processing, we obtain it in the form GDPR requires: freely given, specific, informed and unambiguous, requested in clear and plain language, and as easy to withdraw as it was to give (Article 7). The consent process is transparent, easily accessible, and as straightforward as possible.
  • Purpose Limitation: Data is collected and processed only for specified, explicit, and legitimate purposes. We do not process the data for purposes incompatible with those communicated to users at the time of collection.

User Rights and Data Management

  • Data Subject Rights: Our system supports the fulfillment of data subject rights under GDPR, including the right of access, the right to rectification, the right to erasure ('right to be forgotten'), the right to restriction of processing, the right to data portability, and the right to object. Requests are answered without undue delay and in any event within one month of receipt, as Article 12 requires.
  • Data Minimization: We adhere to the principle of data minimization: the personal data we collect and process is adequate, relevant, and limited to what is necessary for the purposes of processing.

Data Breach Notification and Response

  • Breach Notification Protocols: In compliance with GDPR, we have established procedures to detect, report, and investigate personal data breaches. In the event of a data breach, we are prepared to notify the relevant supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. Every breach is documented, including its facts, effects, and the remedial action taken, whether or not it was notified, as Article 33(5) requires.
  • User Notification: If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will communicate the breach to the affected data subjects without undue delay. Under Article 34(3)(a) this communication is not required where the affected data was rendered unintelligible to unauthorized persons, for instance because it was encrypted and the keys were not compromised; the decision on notifying the supervisory authority is made separately.

Data Transfer and International Considerations

  • Cross-Border Data Transfers: When transferring personal data outside the EU, we ensure that the safeguards required by Chapter V of GDPR are in place so that the level of protection is not undermined. This may involve transferring only to a country covered by a European Commission adequacy decision, or relying on standard contractual clauses approved by the European Commission together with any supplementary measures needed for the recipient to honour them in practice.

Continuous Compliance and Adaptation

  • Regular Audits and Updates: Our compliance with GDPR is not a one-time effort but a continuous process. We conduct regular audits of our data processing activities and stay abreast of any changes in data protection laws to ensure ongoing compliance.
  • Training and Awareness: We maintain a high level of GDPR awareness among our staff through regular training and updates on data protection practices and principles.