At Metafic LLC, we are fully committed to compliance with the General Data Protection Regulation (GDPR) standards. This GDPR Compliance Policy outlines our practices and principles for ensuring the protection and responsible handling of personal data of our users, particularly those residing in the European Union.
Scope of Our Compliance
Our GDPR Compliance Policy applies to all personal data that we process, including data pertaining to our clients, employees, and website/app users. This policy is integral to our processes, from the collection and use of data to its storage and eventual disposal.
Principles of Data Processing
- Lawfulness, Fairness, and Transparency: We ensure all personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the individual.
- Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimization: We only collect and process data that is necessary for the purposes for which it is collected.
- Accuracy: We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date.
- Storage Limitation: Personal data is retained only for as long as necessary for the purposes for which it is processed.
- Integrity and Confidentiality: Data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Rights of Data Subjects
Under GDPR, individuals have the following rights:
- Right to Access: Individuals have the right to access their personal data and obtain information about how it is being processed.
- Right to Rectification: Individuals have the right to have inaccurate personal data corrected.
- Right to Erasure: Also known as the ‘right to be forgotten’, individuals can request the deletion of their data.
- Right to Restrict Processing: Individuals can request that the processing of their data be restricted.
- Right to Data Portability: Individuals have the right to receive their data in a structured, commonly used format.
- Right to Object: Individuals have the right to object to the processing of their data in certain circumstances.
Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to oversee compliance with GDPR. The DPO is responsible for educating the company, conducting audits to ensure compliance, and serving as a point of contact for data subjects and the supervisory authority.
Data Breach Notification
In the event of a data breach, we will promptly notify the appropriate supervisory authority within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. Affected individuals will also be notified if the breach is likely to result in a high risk to their rights and freedoms.
Training and Awareness
We regularly train our staff on GDPR compliance and data protection best practices to ensure awareness and understanding of the importance of protecting personal data.
Metafic LLC is committed to upholding the principles of GDPR and ensuring the privacy and security of all personal data we process. We continually review and update our practices to align with GDPR requirements and best practices in data protection.