GDPR COMPLIANCE POLICY
This section details our compliance with the General Data Protection Regulation (GDPR), ensuring the protection of user data and transparency in how it is processed.
1. Lawful Basis for Processing Data
We process personal data based on the following legal grounds:
Consent: When users explicitly agree to data collection and processing.
Contractual Necessity: When processing is necessary for the performance of a contract.
Legal Obligation: When we are required by law to process personal data.
Legitimate Interests: When data processing is necessary for legitimate business purposes that do not override individual rights.
2. User Rights under GDPR
Under GDPR, users have enhanced rights concerning their data:
Right to Be Informed: Users have the right to understand how their data is collected and used.
Right to Access: Users can request a copy of their personal data.
Right to Rectification: Users can correct inaccurate or incomplete data.
Right to Erasure (Right to Be Forgotten): Users can request deletion of their data under certain conditions.
Right to Restrict Processing: Users can limit the processing of their personal data.
Right to Data Portability: Users can request their data in a machine-readable format.
Right to Object: Users can object to data processing for direct marketing or to processing based on legitimate interests.
Rights Related to Automated Decision-Making: Users have the right to request human intervention in automated decision-making processes.
3. Data Security Measures
To ensure GDPR compliance, we implement security measures such as:
Encryption of sensitive data,
Restricted access controls,
Regular data audits and security assessments.
4. Data Breach Notification
In the event of a data breach, affected users will be notified in accordance with GDPR requirements.
