Personal data protection

Personal data protection

What information we collect When you place an order, we only collect the necessary information needed to process your purchase, such as your name, address and contact information.

We also collect billing information for billing purposes and to comply with legal obligations.

How we collect your information We collect information directly from you through interactions such as filling out a registration form, and also automatically through technologies such as cookies.

User Provided Information We only collect information that you provide to us or information required by law. The ability to refuse to provide personal information may affect your ability to use certain services.

Automated information we collect We automatically record information about your use of our services using cookies, which helps us analyze and improve our services. This information is treated as anonymous.

Uses of Information We use the information we collect to enable transactions such as processing orders, handling complaints and complying with legal obligations. Personal information may be processed in our electronic database for purposes that are directly related to the provision of our services.

Sharing of personal data Your data is only accessible to us and is not shared with third parties, except where legally required for payment, distribution, accounting and legal processes. We do not share it with any other party.

Anonymous data and cookies Our services use cookies to improve quality, personalize the offer and collect analytical data. By using our site, you consent to this practice.

Data Security We are committed to protecting your personal information by encrypting it and storing it on secure servers. We treat confidentially all information that we consider sensitive or that is specifically protected by law.

Policy Updates We regularly update our security policies and processes to ensure that your personal information is protected.

Processor Agreement As a data processor, we comply with all the obligations set out in the GDPR where you, our clients, are the data controller of that data. Our contract and practices clearly define how and why we process personal data.

This text is tailored to meet GDPR standards and protect our clients' rights, whilst allowing scope for specific data to be added as requested. If you need further editing or have specific requests, please let me know.

Security incidents

Security Incident Definition and Procedure A security incident involves any situation in which there is a data breach or loss of data integrity. Examples include unauthorized access, data loss, information leakage, or damage to a data system.

Responsibilities and Commitments We are committed to responding to all security incidents in a systematic manner and in accordance with our internal security protocols and the law. We record and evaluate each incident to minimize risk and prevent recurrence.

Communication and Corrective Action In the event of a security incident, we will follow our incident response plan, which includes identification, assessment, damage limitation and communication with affected parties. We are committed to notifying affected data subjects and relevant authorities in accordance with legal requirements.

Documentation and Audit All security incidents are carefully documented for review and audit purposes. This enables us to better understand the causes of incidents and improve our security measures.

Subcontractors and third parties We may work with subcontractors when processing personal data. We are committed to ensuring that all our contracts with third parties contain strict security provisions and obligations in accordance with the GDPR.

Conclusion and next steps Our privacy policy and approaches to security incidents are regularly reviewed and updated to reflect current legal standards and best practice. We offer ongoing training to our staff to ensure they are aware of and adhere to these policies.

This text provides a complete overview of how your company processes personal data and handles security incidents, in line with the GDPR. If you have additional requirements or need specific edits, please let me know so I can further modify the text to suit your needs.

Processing agreement We, as the controller, accept the obligation to process personal data only in accordance with your instructions and within the contractually agreed purposes. Our commitment includes the processing of ordinary personal data and special categories of data in accordance with Article 9 of the GDPR. We are only authorised to store and process this data within the European Union and only through authorised sites.

We undertake to either securely delete or return this data after we have finished providing services related to the processing of personal data according to your instructions, unless the law requires further retention.

The role of the Data Protection Officer The Data Protection Officer serves as the main point of contact for supervisory authorities and those whose data we process. The Data Protection Officer ensures that all of our processes comply with the GDPR and that they are adequately documented and controlled.

Security measures and technical protection We implement a high standard of security and technical measures to ensure that personal data is protected from unauthorised access, misuse, damage or loss. These measures are regularly reviewed and updated to meet the latest security threats and standards.

Data Breach Notification In the event of a data breach that could lead to a risk to the rights and freedoms of individuals, we are required to notify the relevant supervisory authorities and affected individuals without delay as required by the GDPR.

Subcontractors and other processors In the event that we engage subcontractors to process personal data, we undertake to impose on them the same data protection obligations as we have adopted. We will inform you of any such changes and newly engaged parties in a timely manner and give you the opportunity to object.

Documentation and auditing We undertake to keep detailed documentation of all personal data processed and processing activities. This documentation is available for internal and external audits, allowing for transparency and discoverability of our operations.

This revised text corresponds with the current GDPR requirements and will ensure that your privacy policies are comprehensive and tailored to the needs of your organisation. Here is the final section of the reworded text:

Security Incident Response and Audits

Security Incident Handling Upon learning of any security incident that may involve personal data, we will immediately activate our incident response protocol. This protocol includes steps to identify, assess the scope, minimize damage and notify all relevant parties in accordance with legal requirements.

Incident Documentation All security incidents are carefully documented, including details of what happened, how the incident was responded to, what steps were taken to remediate the incident, and what steps will be taken to prevent future incidents.

Regular audits and reviews We regularly audit our systems and processes for processing personal data to ensure that our security measures are adequate and that we comply with all relevant legal and regulatory requirements. Audits can be carried out either by our internal team or by external consultants providing an independent assessment.

Data subjects and their rights

Access to personal data Every individual whose personal data we process has the right to access that data, the right to rectification, erasure (right to be forgotten), restriction of processing, the right to data portability and the right to object to processing.

Communication with data subjects We are committed to communicating effectively with those whose personal data we process, particularly when it comes to exercising their rights under the GDPR. Our contact details and procedures are clearly set out on our website and in our documents.

Employee education and training We regularly train our employees on data protection and security practices so that they are always up to date with the latest GDPR requirements and best practices for data protection.

This revised privacy policy is designed to strengthen the trust between our organisation and our clients, while providing clear information on how and why we process personal data. If you have any questions or require further amendments to this document, please do not hesitate to contact us.