ZIGLY GDPR Compliance Policy

1. Purpose

This policy establishes the guidelines and procedures that ZIGLY must follow to comply with the European Union’s General Data Protection Regulation (GDPR), ensuring the protection of personal data of all individuals whose data is processed by the company.

2. Scope

This policy applies to all employees, contractors, vendors, and third parties who have access to personal data processed by ZIGLY. It includes all data processing activities carried out within the European Economic Area (EEA) or related to the offering of goods or services to individuals within the EEA.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations performed on personal data, whether or not by automated means.
  • Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Data Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

4. Data Processing Principles

ZIGLY is committed to complying with the following principles outlined in the GDPR for all personal data processing activities:

  • Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently in relation to the data subject.
  • Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Personal data collected will be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy: Personal data will be accurate and, where necessary, kept up to date.
  • Storage Limitation: Personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and Confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage.
  • Accountability: ZIGLY will be responsible for, and able to demonstrate compliance with, these principles.

5. Data Subject Rights

ZIGLY ensures that data subjects have the following rights concerning their personal data:

  • Right of Access: Data subjects have the right to obtain confirmation as to whether personal data concerning them is being processed, and access to the personal data.
  • Right to Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): Data subjects have the right to request the deletion of their personal data in certain circumstances.
  • Right to Restriction of Processing: Data subjects can request the restriction of processing of their personal data under certain conditions.
  • Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit those data to another controller.
  • Right to Object: Data subjects can object to the processing of their personal data under certain conditions.
  • Right Not to be Subject to Automated Decision-Making: Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling.

6. Security Measures

ZIGLY will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with personal data processing, including but not limited to:

  • Encryption of personal data.
  • Authentication and access control mechanisms.
  • Continuous assessment of the effectiveness of security measures.
  • Regular information security training for employees.

7. Data Breach Notification

In the event of a personal data breach, ZIGLY will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it. If the breach is likely to result in a high risk to the rights and freedoms of individuals, ZIGLY will also inform the affected data subjects without undue delay.

8. Data Protection Officer (DPO) Appointment

ZIGLY will appoint a Data Protection Officer (DPO) who will be responsible for overseeing the implementation of this policy, advising on GDPR obligations, and serving as a contact point for supervisory authorities.

9. Data Protection Impact Assessments (DPIAs)

Before initiating any data processing that may involve a high risk to the rights and freedoms of data subjects, ZIGLY will conduct a Data Protection Impact Assessment (DPIA) to identify and mitigate risks.

10. International Data Transfers

Transfers of personal data to other countries will only occur when an adequate level of data protection is ensured, in compliance with applicable data protection laws and regulations in relevant jurisdictions. ZIGLY will implement appropriate safeguards, such as contractual agreements or obtaining explicit consent from the data subjects, to protect personal data in line with local and international regulations.

11. Review and Update

This policy will be reviewed and updated periodically to ensure its continued relevance to applicable laws and best practices in data protection.

12. Consequences of Non-Compliance

Failure to comply with this policy by any employee or contractor of ZIGLY may result in disciplinary actions, including financial penalties, termination of employment, and/or legal liability.

 

Interested?


Start now! Schedule a free demo today and share your ideas with our team of experts. We love challenges!

Request Free Demo

Or contact us for more info.