Importance of data protection laws with GDPR
At CAOA, we are committed to protecting the privacy and personal data of our users and clients. We understand the importance of complying with data protection laws, including the General Data Protection Regulation (GDPR). This GDPR Statement outlines how we handle and process personal data in accordance with the GDPR’s principles and requirements.
Lawful Basis for Processing
We only collect and process personal data when we have a lawful basis to do so. This includes obtaining explicit consent, fulfilling contractual obligations, complying with legal requirements, protecting vital interests, performing a task in the public interest, or pursuing legitimate interests that are not overridden by the rights and freedoms of the data subject.
Data Collection and Usage
We collect and process personal data for specified and legitimate purposes. We clearly communicate the purposes of data collection and obtain consent when required. Personal data is collected only to the extent necessary for fulfilling the specified purposes and is used solely for those purposes unless further consent is obtained or required by law.
We practice data minimization by limiting the collection and retention of personal data to what is necessary for the intended purposes. We ensure that the personal data we process is relevant, accurate, and up-to-date. We do not store personal data longer than necessary or for purposes other than those specified.
We have implemented appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. We regularly assess and update our security practices to ensure the ongoing confidentiality, integrity, and availability of personal data.
Data Sharing and Third Parties
We may share personal data with trusted third-party service providers and partners who assist us in delivering our products and services. These parties are bound by contractual obligations to handle personal data in accordance with applicable data protection laws. We do not sell, rent, or trade personal data to third parties for marketing purposes.
Data Subject Rights
We respect the rights of data subjects as defined by the GDPR. These include the rights of access, rectification, erasure, restriction of processing, objection to processing, and data portability, and the right not to be subject to automated decision-making. We provide mechanisms for data subjects to exercise these rights and respond promptly to such requests.
International Data Transfers
If personal data is transferred to countries outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect the data. This may include implementing standard contractual clauses, relying on the Privacy Shield framework (where applicable), or obtaining explicit consent from the data subject.
Data Breach Notification
In the event of a data breach that poses a risk to individuals’ rights and freedoms, we have procedures in place to promptly detect, investigate, and mitigate the breach. If required by law, we will notify the relevant supervisory authority and affected individuals in a timely manner.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who oversees our data protection efforts and ensures compliance with applicable laws and regulations. The DPO serves as a point of contact for data subjects and supervisory authorities regarding privacy-related matters.
Updates to the GDPR Statement
We regularly review and update our GDPR Statement to reflect any changes in our data processing activities, legal requirements, or best practices. We encourage users and clients to review this statement periodically to stay informed about how we handle personal data.
At CAOA, we are committed to maintaining the highest standards of data protection and privacy. If you have any questions, concerns, or requests regarding our GDPR practices, please contact our Data Protection Officer at [DPO contact information].