GDPR

We process all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.

We ensure that the collection of personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

We obtain explicit consent from individuals before processing their data, and we provide easy options for individuals to withdraw consent at any time.

We fully support the rights of individuals under GDPR, including the right to access, correct, delete, and restrict processing of their data, the right to data portability, and the right to object.

We implement appropriate technical and organizational measures that ensure and demonstrate that we process personal data in compliance with GDPR. This includes measures to protect data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

We ensure that when transferring personal data outside the EU/EEA, it is protected in accordance with GDPR requirements, including adequacy decisions and standard contractual clauses.

We have in place robust procedures to detect, report, and investigate personal data breaches. We will notify the relevant supervisory authority and affected individuals of a breach when legally required to do so.

We have appointed a DPO responsible for overseeing compliance with GDPR, providing a point of contact for data subjects and supervisory authorities.