At CAOA, we are committed to protecting the privacy and personal data of our users and clients. We understand the importance of complying with data protection laws, including the General Data Protection Regulation (GDPR).
This GDPR Statement outlines how we handle and process personal data in accordance with the GDPR's principles and requirements.
We only collect and process personal data when we have a lawful basis to do so. This includes:
- Explicit Consent — obtaining clear and informed consent from the data subject.
- Contractual Obligation — fulfilling contractual obligations to which the data subject is a party.
- Legal Requirements — complying with a legal obligation to which CAOA is subject.
- Vital Interests — protecting the vital interests of the data subject or another person.
- Public Interest — performing a task carried out in the public interest.
- Legitimate Interests — pursuing legitimate interests that are not overridden by the rights and freedoms of the data subject.
We collect and process personal data for specified and legitimate purposes. We clearly communicate the purposes of data collection and obtain consent when required.
Personal data is collected only to the extent necessary for fulfilling the specified purposes and is used solely for those purposes unless further consent is obtained or required by law.
We practice data minimization by limiting the collection and retention of personal data to what is necessary for the intended purposes.
We ensure that the personal data we process is relevant, accurate, and up to date. We do not store personal data longer than necessary or for purposes other than those specified.
Our principle: Collect only what is needed, retain only as long as required, and use only for the stated purpose.
We have implemented appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure.
We regularly assess and update our security practices to ensure the ongoing confidentiality, integrity, and availability of personal data.
We may share personal data with trusted third-party service providers and partners who assist us in delivering our products and services. These parties are bound by contractual obligations to handle personal data in accordance with applicable data protection laws.
We do not sell, rent, or trade personal data to third parties for marketing purposes.
We respect the rights of data subjects as defined by the GDPR. We provide mechanisms for data subjects to exercise these rights and respond promptly to such requests.
If personal data is transferred to countries outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect the data. This may include:
- Standard Contractual Clauses — implementing EU-approved standard contractual clauses.
- Privacy Shield Framework — relying on the Privacy Shield framework where applicable.
- Explicit Consent — obtaining explicit consent from the data subject for the transfer.
In the event of a data breach that poses a risk to individuals' rights and freedoms, we have procedures in place to promptly detect, investigate, and mitigate the breach.
If required by law, we will notify the relevant supervisory authority and affected individuals in a timely manner following the detection of a breach.
We have appointed a Data Protection Officer who oversees our data protection efforts and ensures compliance with applicable laws and regulations. The DPO serves as a point of contact for data subjects and supervisory authorities regarding privacy-related matters.
We regularly review and update our GDPR Statement to reflect any changes in our data processing activities, legal requirements, or best practices.
We encourage users and clients to review this statement periodically to stay informed about how we handle personal data.
At CAOA, we are committed to maintaining the highest standards of data protection and privacy. If you have any questions, concerns, or requests regarding our GDPR practices, please contact our Data Protection Officer.
Please note: This statement covers our GDPR-specific practices. For general information about our overall privacy practices, please refer to our Privacy Policy.