GDPR Compliance and Data Protection Policy
This GDPR Compliance and Data Protection Policy ("Policy") outlines how OKIANO Connect ("Company") ensures compliance with the General Data Protection Regulation (GDPR) and protects the rights and privacy of individuals when using the OKIANO Connect website ("Website").
1. Data Controller and Processor
The Company may act as both a data controller and a data processor, as defined under the GDPR. The data controller determines the purposes and means of processing personal data, while the data processor processes personal data on behalf of the data controller.
2. Lawful Basis for Processing
The Company processes personal data based on lawful bases, including consent, legitimate interests, and contractual necessity, as required under the GDPR.
3. Collection and Use of Personal Data
- Purpose and Lawful Basis: The Company collects and processes personal data for specified, explicit, and legitimate purposes. The lawful basis for processing personal data is determined based on the purpose of the data processing.
- Consent: Where consent is required under the GDPR, the Company will obtain explicit and informed consent from individuals before processing their personal data.
- Legitimate Interests: The Company may process personal data based on its legitimate interests, provided that such interests do not override the rights and freedoms of individuals.
4. Rights of Data Subjects
Individuals have the following rights under the GDPR:
- Right to Access: Individuals can request access to their personal data and receive information about how it is processed.
- Right to Rectification: Individuals can request the correction of inaccurate or incomplete personal data.
- Right to Erasure: Individuals can request the deletion of their personal data under certain circumstances.
- Right to Restriction of Processing: Individuals can request the restriction of processing of their personal data.
- Right to Data Portability: Individuals can request their personal data in a structured, machine-readable format.
- Right to Object: Individuals can object to processing of their personal data that is based on legitimate interests.
5. Data Retention
The Company will retain personal data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law or necessary for the Company's legitimate business purposes.
6. Data Security
The Company implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, in accordance with the requirements of the GDPR.
7. Data Transfers
The Company may transfer personal data to countries outside the European Economic Area (EEA) for processing. In such cases, the Company will ensure appropriate safeguards are in place to protect the data, as required by the GDPR.
8. Data Breach Notification
In the event of a data breach that poses a risk to individuals' rights and freedoms, the Company will notify affected individuals and relevant supervisory authorities in accordance with the GDPR's data breach notification requirements.
9. Updates to Policy
The Company reserves the right to update and amend this Policy to ensure compliance with changes in data protection laws and regulations. Any such changes will be communicated through appropriate channels.
For any questions, requests, or concerns related to GDPR compliance and data protection, please contact our Data Protection Officer at firstname.lastname@example.org.