Progress Towards Compliance with the Data Protection Act (DPA) and Our Commitment to Data Privacy
LAST UPDATED: JUNE 20, 2023
Navigating the Path to Data Protection: Our Progress Towards the Data Protection Act (DPA) Compliance and Commitment to Privacy
This Data Processing Addendum ("DPA") is incorporated by reference into EncreasL's Terms & Conditions or any other agreement governing the use of EncreasL's services ("Agreement") entered by and between you, the Customer (as defined in the Agreement) (collectively, "you", "your", "Customer"), and EncreasL.
By using our services, you accept this DPA and represent and warrant that you have full authority to bind the Customer to this DPA. If you cannot, or do not agree to, comply with and be bound by this DPA, or do not have authority to bind the Customer or any other entity, please do not provide Personal Data to us.
In case of any conflict between certain provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement solely with respect to the Processing of Personal Data.
At EncreasL, we are dedicated to upholding the highest standards of data privacy and protection. As part of our ongoing efforts, we are making significant progress towards achieving full compliance with the Data Privacy Act of 2012 (Republic Act No. 10173). Our commitment to data privacy drives us to continually enhance our practices, ensuring that your personal information is handled with the utmost care and in accordance with applicable regulations.
With the evolving landscape of data protection, we recognize the importance of staying informed and adapting our processes accordingly. As we work towards complete compliance with the DPA, we are continuously reviewing and updating our policies and procedures to align with its requirements. Our goal is to provide you with the peace of mind that comes with knowing your data is in safe hands.
We understand that maintaining transparency is key to fostering trust and confidence. That is why we have developed a dedicated page that outlines our progress towards compliance with the Data Protection Act (DPA) and our unwavering commitment to data privacy. On this page, you will find comprehensive information about the steps we are taking, the measures we have implemented, and our ongoing journey towards achieving full compliance.
At EncreasL, we firmly believe that protecting your privacy is not just a legal obligation but a fundamental responsibility. We value the trust you place in us, and we are committed to earning and maintaining that trust through our dedication to data privacy and our continuous efforts towards DPA compliance.
1. Obtaining Consent
At EncreasL, we place the utmost importance on the privacy and protection of personal data entrusted to us by our customers and users. We operate with a firm commitment to conducting our data processing activities in strict compliance with applicable data protection laws, including the Data Protection Act (DPA) and other relevant regulations.
As a responsible data controller, we understand that obtaining explicit and informed consent is a critical aspect of ethical data processing. We recognize that consent serves as the cornerstone for empowering individuals to exercise control over their personal data. Through our comprehensive consent management practices, we ensure that individuals have a clear understanding of how their data will be collected, used, and protected.
Our approach to obtaining consent is rooted in the principles of lawfulness, fairness, and transparency, as mandated by the DPA. We go to great lengths to ensure that our consent process is robust, reliable, and compliant with the highest legal standards. To this end, we undertake the following measures:
1.1 Clear and Precise Information: We provide individuals with transparent and easily understandable information regarding the purposes, scope, and duration of data processing activities. Our privacy notices and consent forms are drafted in a clear, concise, and accessible manner, avoiding any ambiguity or jargon.
1.2 Unambiguous Expression of Consent: We require individuals to provide explicit and unambiguous consent, leaving no room for misinterpretation. Consent is sought through affirmative actions, such as ticking a box, selecting options, or providing a clear statement of agreement.
1.3 Granular Consent Options: We offer individuals granular choices and preferences regarding the specific types of data processing they consent to. This ensures that individuals can exercise control over their data and make informed decisions based on their preferences.
1.4 Freely Given Consent: We ensure that consent is freely given, without any form of coercion, undue influence, or negative consequences for individuals who choose not to provide consent. Individuals have the right to withhold or withdraw their consent at any time without facing any disadvantages.
1.5 Consent Records: We maintain detailed records of consent obtained from individuals, including the date, time, and specific information provided during the consent process. These records serve as crucial evidence of compliance with the DPA and other applicable regulations.
1.6 Re-Consent Mechanisms: We periodically review and update our consent processes to ensure ongoing compliance with evolving legal requirements. If there are material changes to the processing activities that require renewed consent, we seek fresh consent from individuals, keeping them informed and empowered throughout the process.
1.7 Consent Revocation: We respect individuals' rights to revoke their consent at any time. We provide straightforward mechanisms for individuals to withdraw their consent and promptly implement their requests, ensuring their choices are honored and respected.
As part of our commitment to data protection, we constantly monitor regulatory updates and guidelines to ensure that our consent management practices remain in full compliance with the DPA and other relevant data protection laws. We work diligently to protect the privacy and rights of individuals while fostering a trusted and transparent relationship with our customers and users.
By adhering to these rigorous consent practices, we demonstrate our unwavering dedication to upholding the highest standards of data protection and privacy. At EncreasL, we recognize that consent is not just a legal requirement but also an ethical obligation. We firmly believe that by obtaining informed consent, we empower individuals to make informed choices regarding their personal data, thereby fostering a climate of trust and respect.
Should you have any questions or require further information regarding our consent management practices or our commitment to data protection, please do not hesitate to contact us at [email protected].
2. Ensuring Strong Data Security: Passwords and Security Measures
At EncreasL, we prioritize the security and confidentiality of the data entrusted to us by our valued customers and users. We understand the critical role that strong data security plays in safeguarding sensitive information and protecting against unauthorized access, disclosure, alteration, or destruction. As a responsible data controller, we adhere to the highest standards of data protection, including the requirements outlined in the Data Protection Act (DPA) and other applicable regulations.
Passwords and security measures are fundamental elements of our comprehensive data security strategy. We recognize that robust password practices and stringent security measures form the first line of defense against unauthorized access to personal data. By implementing industry-leading practices and leveraging cutting-edge technologies, we ensure that our systems and infrastructure remain highly secure.
Our commitment to data security encompasses the following key aspects:
2.1 Password Management: We employ stringent password management practices to prevent unauthorized access to personal data. Our systems enforce strong password requirements, including complexity, length, and regular password rotation. We strictly prohibit the sharing of passwords and encourage individuals to use unique, non-trivial passwords for their accounts.
2.2 Two-Factor Authentication (2FA): As an additional layer of security, we provide two-factor authentication mechanisms to further protect user accounts. By requiring an additional verification step, such as a unique code sent to a mobile device, we significantly reduce the risk of unauthorized access, even in the event of compromised passwords.
2.3 Encryption: We utilize state-of-the-art encryption techniques to protect personal data both during transit and at rest. Encryption ensures that even if data is intercepted or accessed without authorization, it remains unreadable and unusable. This robust encryption protocol safeguards the confidentiality and integrity of sensitive information.
2.4 Access Control: We implement strict access controls to limit data access to authorized personnel only. Our systems incorporate role-based access controls, ensuring that individuals can only access data necessary for performing their specific duties. Regular access reviews and audits are conducted to maintain a high level of accountability and minimize the risk of unauthorized data exposure.
2.5 Employee Training: We understand that our employees play a critical role in maintaining data security. Therefore, we provide comprehensive training programs to our staff members, emphasizing the importance of data protection, secure password practices, and the responsible use of information systems. Through continuous education, we promote a culture of data security awareness and accountability.
2.6 Incident Response Plan: Despite our best efforts, security incidents may still occur. To mitigate potential risks, we have established a robust incident response plan. This plan outlines predefined steps to be taken in the event of a security incident, including prompt detection, containment, and resolution. We strive to minimize the impact of any potential breach and take necessary actions to prevent future occurrences.
2.7 Regular Audits and Assessments: We conduct regular audits and assessments of our data security practices to identify vulnerabilities and ensure compliance with the DPA and other relevant regulations. By proactively reviewing and evaluating our security measures, we continually improve our systems to address emerging threats and maintain a robust security posture.
At EncreasL, we recognize that data security is an ongoing endeavor and a shared responsibility. We remain committed to staying abreast of the latest technological advancements and industry best practices to enhance the security of our customers' data. By implementing stringent password policies, employing advanced encryption techniques, enforcing access controls, and fostering a culture of security awareness, we strive to provide the highest level of data protection to our valued stakeholders.
Should you have any questions or require further information about our data security practices or our commitment to protecting your data, please do not hesitate to contact us at [email protected].
3. Enhancing Data Security: Encryption Measures
At EncreasL, we place utmost importance on safeguarding the confidentiality and integrity of the personal data entrusted to us. As part of our commitment to data security, we employ robust encryption measures to protect your sensitive information. This comprehensive approach ensures that your data remains secure throughout its lifecycle.
Encryption serves as a fundamental pillar of our data protection strategy. It involves converting your personal data into an encoded form that can only be deciphered with the use of a unique decryption key. By implementing strong encryption protocols, we mitigate the risk of unauthorized access, interception, or tampering of your data.
Our encryption measures adhere to the requirements outlined in the Data Protection Act (DPA) and other relevant data protection regulations. These measures are designed to provide a high level of assurance regarding the confidentiality, integrity, and availability of your personal data.
When data is transmitted over communication channels, such as during online interactions or data transfers, we employ secure communication protocols. This ensures that your data is encrypted during transit, minimizing the risk of interception or unauthorized access.
In addition to protecting data in transit, we also prioritize encryption for data at rest. This means that your personal data stored within our systems and databases is encrypted to prevent unauthorized access in the event of a security breach or unauthorized physical access.
We continuously assess and update our encryption measures to align with the latest industry standards and best practices. Our dedicated team of data security professionals works diligently to implement robust encryption algorithms, key management practices, and secure storage mechanisms.
As an integral part of our commitment to data security, we conduct regular audits and assessments to ensure compliance with the DPA and other applicable regulations. These measures enable us to identify any potential vulnerabilities and address them promptly, further enhancing the security of your data.
At EncreasL, we understand the importance of earning and maintaining your trust. Should you have any questions or require further information about our encryption measures or our commitment to data security, please do not hesitate to contact us at [email protected]. We are dedicated to addressing any concerns you may have and ensuring the utmost protection of your personal information.
By employing strong encryption measures, we strive to provide you with peace of mind, knowing that your personal data is safeguarded at all times.
4. Restricting Access: Authorized Personnel Only
At EncreasL, protecting the confidentiality and privacy of your personal data is of paramount importance to us. We understand that restricting access to your information is vital in maintaining its integrity and ensuring that it is handled securely. Therefore, we implement stringent measures to ensure that only authorized personnel have access to your data.
We adhere to the principles outlined in the Data Protection Act (DPA) and other applicable data protection regulations, which emphasize the need to limit access to personal data to individuals who have a legitimate purpose for accessing it.
Our access control measures are designed to prevent unauthorized disclosure, alteration, or destruction of your personal data. We employ a combination of technical and organizational measures to enforce access restrictions effectively.
4.1 Technical Measures:
a. User Authentication: We utilize robust user authentication mechanisms to verify the identity of individuals accessing the system. This involves the use of unique usernames and passwords, multi-factor authentication, or other secure authentication methods.
b. Role-Based Access Control (RBAC): Access privileges are assigned based on predefined roles and responsibilities within our organization. This ensures that individuals only have access to the data necessary for them to perform their specific tasks.
c. Strong Password Policies: We enforce strict password policies to ensure that passwords are strong, unique, and regularly updated. This reduces the risk of unauthorized access due to weak or compromised passwords.
4.2 Organizational Measures:
a. Need-to-Know Basis: We follow the principle of "need-to-know" when granting access to personal data. Only individuals who require access for legitimate business purposes are granted permission, based on their roles and responsibilities.
b. Confidentiality Agreements: Our employees, contractors, and third-party service providers are bound by confidentiality agreements that highlight their obligations to maintain the confidentiality of personal data they handle.
c. Training and Awareness: We provide regular training and awareness programs to our personnel regarding data protection, including the importance of access restrictions, handling sensitive information, and the consequences of unauthorized access.
We conduct regular audits and assessments to monitor and evaluate the effectiveness of our access control measures. This ensures ongoing compliance with the DPA and other relevant regulations.
4.3 Authorized Affiliates
a. Contractual Relationship:
By executing the Data Protection Agreement (DPA), the Customer acknowledges that they are entering into the DPA on behalf of themselves and their Authorized Affiliates. This means that the Customer represents and binds their Authorized Affiliates to comply with the obligations set forth in this DPA. If EncreasL processes personal data on behalf of the Authorized Affiliates, they are considered the "Controller" under this DPA. It is crucial that all access to and use of our services by Authorized Affiliates align with the terms and conditions stated in the Agreement and this DPA. Any violation of these terms and conditions by an Authorized Affiliate shall be considered a violation by the Customer.
b. Communication:
To ensure efficient communication and streamlined coordination, the Customer retains the responsibility for coordinating all communication with EncreasL under the Agreement and this DPA. As such, the Customer is entitled to make and receive any communication related to this DPA on behalf of their Authorized Affiliates. This approach facilitates effective collaboration and ensures that all parties involved understand and comply with the obligations and requirements outlined in the DPA.
At EncreasL, we prioritize your privacy and the security of your personal data. Should you have any questions or require further information about our access control measures or our commitment to data security, please do not hesitate to contact us at [email protected]. We are dedicated to addressing any concerns you may have and ensuring that your personal information remains protected by restricting access to authorized personnel only.
By implementing strict access control measures, we strive to provide you with peace of mind, knowing that your personal data is handled with the utmost confidentiality and accessed only by those individuals who have a legitimate need to do so.
5. Building a Culture of Data Privacy and Security: Training for Personnel
At EncreasL, we are committed to fostering a culture of data privacy and security within our organization. We understand that our personnel play a critical role in safeguarding the personal data entrusted to us. Therefore, we have implemented comprehensive training programs to ensure that all employees are equipped with the necessary knowledge and skills to protect and handle data in accordance with applicable data protection laws, including the requirements set forth in the Data Protection Agreement (DPA).
5.1 Training Programs:
We have developed robust training programs designed to educate our personnel on the importance of data privacy and security, as well as their responsibilities in handling personal data. Our training covers a wide range of topics, including the principles of data protection, the lawful basis for data processing, individuals' rights, and the secure handling and storage of personal data. We also emphasize the significance of complying with the DPA and relevant data protection regulations.
5.2 Regular Updates and Refresher Courses:
Data privacy and security landscape is dynamic, with new risks and challenges emerging constantly. To ensure that our personnel stay informed and up-to-date, we conduct regular updates and refresher courses on data protection practices. These initiatives enable our employees to stay abreast of the latest developments, regulatory changes, and best practices in the field. By continuously enhancing their knowledge, we reinforce our commitment to maintaining the highest standards of data privacy and security.
5.3 Compliance Monitoring:
We understand that training alone is not sufficient. To ensure effective implementation of data privacy and security practices, we have established a robust compliance monitoring framework. This includes regular assessments and audits to evaluate the adherence of our personnel to the training programs and the DPA. Through these monitoring efforts, we can identify areas for improvement, address any non-compliance issues promptly, and reinforce our commitment to maintaining a strong culture of data privacy and security.
5.4 Documentation and Record-Keeping:
We maintain comprehensive documentation and records of our training programs to demonstrate our commitment to training personnel on data privacy and security matters. These records serve as evidence of our compliance with the DPA and provide transparency in our efforts to uphold data protection standards. Furthermore, these documents are available for review by relevant authorities to demonstrate our commitment to fulfilling our obligations under the DPA.
5.5 Continuous Improvement:
EncreasL is dedicated to continuous improvement in our data privacy and security practices. We regularly assess the effectiveness of our training programs and seek feedback from our personnel to identify areas for enhancement. By leveraging these insights, we refine our training initiatives to ensure that they remain relevant, engaging, and aligned with the evolving data protection landscape.
Building a culture of data privacy and security is a collective effort that requires the active participation and commitment of every individual within our organization. Through comprehensive training, regular updates, compliance monitoring, and continuous improvement, EncreasL strives to empower our personnel to protect personal data and uphold the principles of the DPA.
If you have any questions or require further information about our training programs or our commitment to building a culture of data privacy and security, please do not hesitate to contact us at [email protected]. We are here to address any concerns and ensure that our personnel are well-equipped to safeguard your personal information.
6. Data Breach Response and Incident Management
At EncreasL, we prioritize the security and protection of personal data. We maintain industry-standard technical and organizational measures to ensure the confidentiality, integrity, and availability of the personal data processed under our responsibility. These measures are designed to protect against unauthorized or unlawful processing, accidental or unlawful destruction, loss or alteration, unauthorized disclosure, or access to personal data.
6.1 Controls for the Protection of Personal Data:
We implement and maintain appropriate technical and organizational measures in accordance with the Security Documentation, which encompasses the necessary safeguards to protect personal data. These measures are regularly reviewed, updated, and amended as needed to align with industry standards and best practices. Upon your reasonable request, we will assist you in ensuring compliance with the obligations outlined in Articles 32 to 36 of the General Data Protection Regulation (GDPR), considering the nature of the processing and the information available to us. Any assistance provided will be subject to the provisions of Section 11.1 of the Data Protection Agreement (DPA) and at your cost.
6.2 Audits and Inspections:
We understand the importance of transparency and accountability in data processing activities. Upon your written request, with a minimum notice period of 14 days and at reasonable intervals (not exceeding once every 12 months), we will make available to you, or your independent, reputable, third-party auditor, the information necessary to demonstrate compliance with the DPA. The auditor must not be a competitor of EncreasL and must adhere to strict confidentiality undertakings. We also allow and contribute to audits and inspections conducted by your auditors, ensuring compliance with the DPA. The information, audits, inspections, and their results shall be used by you solely for assessing compliance with the DPA and shall not be disclosed to any third party without our prior written approval. Any records or documentation provided by us in the context of the audit or inspection shall be returned upon our first request.
Please note that if the Standard Contractual Clauses apply, this Section 6.2 does not modify or vary the Standard Contractual Clauses, nor does it affect the rights of Supervisory Authorities or Data Subjects under the Standard Contractual Clauses.
6.3 Responsibility during Audits or Inspections:
During the audit or inspection process as described above, you and your auditors must ensure that no damage, injury, or disruption is caused to EncreasL's premises, equipment, personnel, or business. We expect you to take necessary precautions to minimize any potential impact while conducting the audit or inspection.
6.4 Audit Rights under Data Protection Laws:
The audit rights outlined in Section 6.2 above are applicable unless the Agreement already provides you with audit rights that meet the relevant requirements of Data Protection Laws, including Article 28(3)(h) of the GDPR or the UK GDPR.
EncreasL prioritizes the security of personal data and has implemented robust security incident management policies and procedures. In the event of a Data Incident, where there is accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data processed by us on behalf of the Customer, we will promptly notify you without undue delay, as required by applicable Data Protection Laws.We are committed to taking necessary and reasonable steps to identify, remediate, and mitigate the causes of such Data Incidents within our reasonable control. However, it is important to note that our obligations with regard to Data Incidents do not extend to incidents caused by the Customer or any individuals using our services on the Customer's behalf.We kindly request that you refrain from making any findings, admissions of liability, communications, notices, press releases, or reports regarding Data Incidents that directly or indirectly identify EncreasL without our prior written approval. This includes any disclosures in legal proceedings, notifications to regulatory or supervisory authorities, or affected individuals. However, if compelled to disclose such information by applicable Data Protection Laws, we ask that you provide us with reasonable prior written notice to allow us the opportunity to object to the disclosure. Furthermore, we request that any disclosures be limited to the minimum scope necessary, unless prohibited by such laws.We remain committed to maintaining the confidentiality and privacy of Personal Data and appreciate your cooperation in handling any Data Incidents in a responsible and legally compliant manner.Should you have any further questions or require additional information regarding our approach to security incidents, please do not hesitate to contact us at [email protected]. We are here to assist you and ensure the protection of your data in accordance with applicable Data Protection Laws.
Should you have any further questions or require additional information regarding our approach to security incidents, please do not hesitate to contact us at [email protected]. We are here to assist you and ensure the protection of your data in accordance with applicable Data Protection Laws.
7. Transparent Data Collection and Use Practices
EncreasL is committed to maintaining the highest standards of transparency when it comes to the collection and use of personal data. We understand the importance of safeguarding the privacy and confidentiality of individuals' information, and we strive to ensure that our data collection and use practices are clear, comprehensive, and in compliance with applicable data protection laws, including the Data Protection Act (DPA).
7.1 Sub-Processor
a. Appointment of Sub-processors. EncreasL acknowledges and agrees that, as a startup digital marketing agency, it may engage third-party Sub-processors in connection with the provision of the Service.
b. Notification of New Sub-processors.
c. EncreasL will notify Customer in writing of any new Sub-processors engaged to process Personal Data on behalf of EncreasL in the provision of the Service.
d. Customer may reasonably object to the use of a new Sub-processor by providing written notice to EncreasL within a reasonable time period after receiving the notification. The objection should outline the reasons for objecting to the new Sub-processor.
e. If Customer reasonably objects to a new Sub-processor, EncreasL will work with Customer in good faith to address the objection and find a suitable resolution. This may include exploring alternative options or implementing additional safeguards to protect the Personal Data.
f. Data Protection Obligations. EncreasL ensures that any Sub-processors it engages for carrying out specific Processing activities on behalf of the Customer will be subject to appropriate data protection obligations. These obligations will be imposed on the Sub-processors through contractual agreements, which include provisions to implement appropriate technical and organizational measures to meet the requirements of applicable data protection laws.
g. Responsibility for Sub-processor Compliance. EncreasL remains responsible for the performance of its Sub-processors' data protection obligations. In the event that a Sub-processor fails to fulfill its data protection obligations, EncreasL will take appropriate measures to address the non-compliance and mitigate any potential impact on the Personal Data.
Please note that as a startup digital marketing agency, EncreasL may engage Sub-processors to assist with the provision of the Service. While specific details regarding the Sub-processors are not provided, EncreasL acknowledges its responsibility to ensure compliance with data protection laws and to engage Sub-processors who meet the necessary standards for protecting Personal Data.
7.2 Purpose and Lawful Basis for Data Collection:
EncreasL collects personal data for specified, explicit, and legitimate purposes. We only collect data that is necessary for the provision of our services and to fulfill our contractual obligations. The lawful basis for data collection is established in accordance with the DPA, which may include the necessity of processing for the performance of a contract, compliance with legal obligations, or consent obtained from the data subject.
7.3 Types of Data Collected:
EncreasL collects personal data that is relevant and necessary for the specific purposes for which it is collected. This may include, but is not limited to, the following types of data:
a. Contact information: such as name, address, email address, and phone number.
b. Demographic information: such as age, gender, and occupation.
c. Account information: such as username, password, and preferences.
d. Transaction data: such as purchase history and payment details.
e. Communication data: such as correspondence and interactions with our representatives.
7.4 Data Collection Methods:
EncreasL utilizes various methods to collect personal data, ensuring that such collection is lawful, fair, and transparent. These methods may include:
a. Direct interactions: when individuals provide their information directly to us through our website, forms, or communication channels.
b. Automated technologies: when data is collected through cookies, tracking tools, or other automated means, in accordance with applicable laws and regulations.
c. Third-party sources: when data is obtained from trusted third parties, ensuring that appropriate consent or legal grounds are established for such data sharing.
7.5 Use of Personal Data:
EncreasL uses the collected personal data for legitimate purposes related to our business activities. These purposes may include:
a. Providing and improving our services: to fulfill customer requests, manage accounts, and deliver a personalized user experience.
b. Communication and support: to respond to inquiries, provide information, and address customer concerns.
c. Marketing and promotions: to offer relevant products, services, and promotional materials, with appropriate consent obtained where required.
d. Compliance and legal obligations: to comply with applicable laws, regulations, and contractual requirements.
7.6 Data Retention and Security:
EncreasL retains personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law or justified by a legitimate business need. We employ appropriate security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction, in accordance with the requirements set forth in the DPA.
7.7 Individual Rights and Contact Information:
EncreasL respects individuals' rights regarding their personal data. Under the DPA, individuals have the right to access, rectify, restrict processing, and delete their personal data, as well as the right to object to processing and data portability. To exercise these rights or for any inquiries regarding our data collection and use practices, individuals may contact us at the provided contact details below.
Should you have any questions or require further information about our transparent data collection and use practices or our commitment to protecting your data, please do not hesitate to contact us at [email protected]. We are here to address any concerns and ensure your peace of mind regarding the security and privacy of your personal information.
By engaging with EncreasL and providing your personal data, you acknowledge that you have read and understood our data collection and use practices as
8. Ensuring Lawfulness, Fairness, and Transparency in Personal Data Processing
EncreasL is dedicated to upholding the principles of lawfulness, fairness, and transparency in the processing of personal data. We understand the significance of protecting individuals' privacy rights and strive to ensure that our data processing practices comply with applicable data protection laws, including the Data Protection Act (DPA). This comprehensive statement outlines our commitment to these principles and explains how we handle cross-border data transfers.
8.1 Lawfulness of Personal Data Processing:
EncreasL ensures that all personal data processing activities are conducted in accordance with the law. We establish a lawful basis for processing personal data as required by the DPA. These legal bases may include the necessity of processing for the performance of a contract, compliance with legal obligations, protection of vital interests, consent obtained from the data subject, or legitimate interests pursued by EncreasL or a third party.
8.2 Fairness and Transparency:
EncreasL emphasizes fairness and transparency in its personal data processing practices. We are committed to providing individuals with clear and concise information about the processing of their personal data. This includes informing individuals about the purposes for which their data is collected, the categories of data collected, the legal basis for processing, the retention periods, and their rights in relation to their personal data.
8.3 Cross-Border Data Transfers:
As an international business, EncreasL may need to transfer personal data across borders. We ensure that such transfers are conducted in compliance with applicable data protection laws. These measures may include implementing appropriate safeguards, such as standard contractual clauses, binding corporate rules, or relying on recognized data protection adequacy mechanisms.
8.4 Data Subject Rights:
EncreasL respects the rights of individuals regarding their personal data. In accordance with the DPA, data subjects have the right to:
a. Access their personal data held by EncreasL and obtain information about how it is being processed.
b. Rectify any inaccuracies or incomplete information in their personal data.
c. Object to the processing of their personal data based on legitimate interests or for direct marketing purposes.
d. Request the erasure of their personal data, subject to any legal obligations or legitimate grounds for retention.
e. Restrict the processing of their personal data under certain circumstances.
f. Receive their personal data in a structured, commonly used, and machine-readable format and transmit it to another controller (data portability).
g. Withdraw consent at any time, where processing is based on consent.
8.5 Contact Information:
If you have any questions or concerns regarding EncreasL's personal data processing practices or would like to exercise your rights as a data subject, please contact our Data Protection Officer at [email protected] We are dedicated to addressing your inquiries promptly and ensuring the protection of your personal data.
By engaging with EncreasL and providing your personal data, you acknowledge that you have read and understood our commitment to ensuring lawfulness, fairness, and transparency in personal data processing. We are firmly committed to protecting your privacy rights and maintaining the highest standards of data protection in all our business operations.
9. Purpose Limitation in Personal Data Processing
9.1 PROCESSING OF PERSONAL DATA
a. Roles of the Parties. The Parties acknowledge and agree that in relation to the Processing of Personal Data on behalf of Customer, (i) Customer is the Controller of Personal Data, (ii) EncreasL acts as the Processor of such Personal Data. The terms "Controller" and "Processor" used below refer to Customer and EncreasL, respectively.
b. Customer's Processing of Personal Data. When using the Service and providing instructions to the Processor, Customer shall comply with Data Protection Laws. Customer is responsible for establishing the necessary legal bases to collect, Process, and transfer Personal Data to EncreasL, as well as authorizing the Processing activities carried out by EncreasL. This includes the pursuit of 'business purposes' as defined under the CCPA.
c. EncreasL's Processing of Personal Data. While Processing Personal Data on behalf of Customer under the Agreement, EncreasL shall undertake the following purposes: (i) Processing in accordance with the Agreement and this Data Processing Addendum (DPA); (ii) Processing as part of the Services provided to Customer; (iii) Processing in compliance with Customer's reasonable and documented instructions, provided such instructions align with the terms of the Agreement; (iv) anonymizing Personal Data to render it fully anonymous, non-identifiable, and non-personal in accordance with recognized standards under Data Protection Laws and relevant guidance; (v) Processing as required by the laws applicable to EncreasL, and/or as mandated by a court of competent jurisdiction or other competent governmental or semi-governmental authority. In such cases, EncreasL shall inform Customer of the legal requirement before Processing, unless such disclosure is prohibited on important grounds of public interest.
EncreasL shall promptly notify Customer if, in its opinion, an instruction for the Processing of Personal Data provided by Customer violates applicable Data Protection Laws. If EncreasL cannot comply with an instruction from Customer, EncreasL shall: (i) inform Customer, providing relevant details of the issue; (ii) temporarily suspend all Processing of the affected Personal Data (except for secure storage) and/or suspend Customer's access to the Services, without incurring any liability to Customer; (iii) if the Parties cannot reach a resolution to the issue and its associated costs, Customer may choose to terminate the Agreement and this DPA solely with respect to the affected Processing, as its sole remedy. In such cases, Customer shall settle all amounts owed to EncreasL or due before the termination date. Customer will not have any further claims against EncreasL (including, without limitation, refund requests for the Service) resulting from the termination of the Agreement and the DPA as described in this paragraph.
d. Details of the Processing. The Processing of Personal Data by EncreasL is performed to fulfill the Service as outlined in the Agreement. The duration, nature, and purpose of the Processing, as well as the types of Personal Data
and categories of Data Subjects involved, are further specified in Schedule 1 (Details of Processing) of this DPA.
e. Sensitive Data. The Parties acknowledge that the Services are not intended for the processing of Sensitive Data. If Customer intends to process Sensitive Data using the Services, Customer must first obtain explicit prior written consent from EncreasL and enter into any additional agreements required by EncreasL.
f. CCPA Standard of Care; No Sale of Personal Information. EncreasL acknowledges and confirms that it does not receive or process any Personal Information as consideration for the services or any other items that EncreasL provides to Customer under the Agreement. EncreasL shall not have, derive, or exercise any rights or benefits regarding Personal Information Processed on Customer's behalf, and may use and disclose Personal Information solely for the purposes for which such Personal Information was provided to EncreasL, as stipulated in the Agreement and this DPA. EncreasL certifies that it understands the rules, requirements, and definitions of the CCPA and agrees to refrain from selling (as defined in the CCPA) any Personal Information Processed hereunder without Customer's prior written consent. EncreasL also commits not to take any action that would cause any transfer of Personal Information to or from EncreasL under the Agreement or this DPA to qualify as "selling" such Personal Information under the CCPA.
9.2 DETAILS OF THE PROCESSING
Nature and Purpose of Data Processing
EncreasL's processing activities serve the following purposes:
a. Providing the Service to Customer;
b. Carrying out the obligations under the Agreement, this Data Processing Addendum (DPA), and any other mutually agreed contracts;
c. Executing Customer's instructions, provided they align with the terms of the Agreement;
d. Facilitating the sharing of Personal Data with third parties as instructed by Customer or as required for the proper functioning of integrated third-party services used in conjunction with the Services;
e. Ensuring compliance with applicable laws and regulations;
f. Performing any tasks related to the above purposes.
Duration of Data Processing
Unless otherwise specified in the DPA or the Agreement regarding the duration and consequences of data processing upon expiration or termination, EncreasL will process Personal Data in accordance with the DPA and Agreement for the duration of the Agreement, unless mutually agreed upon in writing.
Types of Personal Data
Customer has the sole discretion to determine and control the extent of Personal Data submitted to the Services.
Categories of Individuals (Data Subjects)
The Personal Data submitted to the Services by Customer may pertain to the following categories of individuals:
a. Employees, agents, advisors, and freelancers associated with Customer (natural persons);
b. Prospects, customers, business partners, and vendors of Customer (natural persons);
c. Employees or contact persons of Customer's prospects, customers, business partners, and vendors;
d. Visitors to Customer's online assets, as well as customers and consumers utilizing Customer's services;
e. Any other natural person whose Personal Data is intentionally processed by Customer through the Services.
Should you have any questions or require further information regarding the Purpose Limitation in Personal Data Processing, please do not hesitate to contact us at [email protected].
10. Minimizing Data Collection: Collecting Only What is Necessary
At EncreasL, we prioritize the principle of data minimization and strive to collect and process only the personal data that is essential for the provision of our services. We understand the significance of responsible data handling, and we are committed to complying with applicable data protection laws and regulations to protect individuals' privacy rights.
Our approach to data minimization is guided by the provisions set forth in the Data Protection Addendum (DPA) that governs our data processing activities. We adhere to the following key aspects to ensure we collect only what is necessary:
10.1 Purpose-driven Data Collection: We collect personal data solely for specific and legitimate purposes related to the provision of our services. Before collecting any data, we carefully evaluate and determine the purpose for which it is being collected, ensuring it aligns with the agreed-upon contractual obligations with our customers.
10.2 Relevance and Necessity: We strictly limit the collection of personal data to what is directly relevant and necessary to fulfill the intended purpose. We avoid gathering excessive or unnecessary data points that are unrelated to the services we provide.
10.3 Informed Consent: When collecting personal data, we obtain informed consent from individuals, providing clear and concise information about the data we collect, how it will be processed, and the rights individuals have regarding their data. We ensure transparency by clearly communicating the purpose of data collection and any third parties involved in the processing, as required by the DPA.
10.4 Data Accuracy and Currency: We take measures to maintain the accuracy and currency of the personal data we collect. We regularly review and update the data to ensure its relevance and reliability for the intended purpose. Outdated or inaccurate data is securely deleted or anonymized to uphold data quality.
10.5 Data Retention: We retain personal data only for as long as necessary to fulfill the specified purpose or as required by applicable laws and regulations. Once the purpose is fulfilled, we securely dispose of or anonymize the data, minimizing the risk of unauthorized access or misuse.
By adhering to these principles, we reduce the risks associated with unnecessary data collection, safeguard individuals' privacy rights, and enhance the overall security of the personal data entrusted to us.
In our commitment to data minimization, we employ robust technical and organizational measures to ensure the confidentiality, integrity, and availability of the collected data. We continuously evaluate and improve our data processing practices to align with evolving data protection standards.
At EncreasL, we value the trust placed in us by our customers and prioritize the privacy and security of personal data. Our dedication to data minimization, as outlined in the DPA, reflects our commitment to responsible data handling and protection of individuals' privacy rights.
If you have any specific inquiries or concerns regarding our data collection practices or our commitment to data minimization, please don't hesitate to reach out to us at [email protected].
11. Maintaining Data Accuracy and Storage Limitation
At EncreasL, we place great importance on maintaining data accuracy and storage limitation to ensure the integrity and security of personal data entrusted to us. As a responsible data processor, we adhere to the provisions outlined in the Data Protection Addendum (DPA), which governs our data processing practices. Our commitment to data accuracy and storage limitation is driven by our dedication to upholding the privacy rights of individuals and complying with applicable data protection laws and regulations.
1I.1 Data Accuracy
a. Data Quality Assurance: We take proactive measures to maintain the accuracy and currency of personal data under our control. We implement processes and procedures to ensure that the personal data we collect and process is complete, up to date, and relevant to the intended purpose for which it was collected.
b. Data Verification: We verify the accuracy of personal data by employing suitable means, including periodic review and validation processes. This helps us identify and rectify any inaccuracies or inconsistencies in the data, ensuring its reliability and integrity.
11.2 Data Updates and Corrections
a. Individual Rights: We respect individuals' rights to access, update, and correct their personal data. Upon receiving a verified request from an individual to update or correct their data, we promptly take necessary actions to ensure that the data is accurate and reflective of the individual's current information.
b. Data Integrity Obligations: We proactively monitor and maintain the accuracy of personal data throughout its lifecycle, including during the data collection process, storage, and any subsequent processing activities. This ensures that the data we hold remains accurate and reliable over time.
11.3 Data Storage Limitation
a. Retention Period: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. We establish and adhere to specific retention periods based on legal requirements, contractual obligations, and business needs.
b. Secure Data Disposal: Once the retention period expires or the data is no longer necessary, we securely dispose of the personal data. We use appropriate methods, such as secure deletion or anonymization, to prevent unauthorized access, loss, or misuse of the data.
11.4 Data Minimization
a. Collecting Essential Data: We collect and process only the personal data that is necessary and relevant to the intended purpose. We avoid collecting excessive or unnecessary data points that are not directly related to the services we provide.
b. Purpose Limitation: The personal data we collect is solely used for the purposes outlined in the DPA and the agreements with our customers. We do not utilize personal data for any unrelated or incompatible purposes without obtaining the necessary legal basis and consent, as required by applicable data protection laws.
11.5 Data Security Measures
a. Secure Data Storage: We implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of the personal data we store. These measures include encryption, access controls, secure storage facilities, and regular security audits.
b. Data Breach Response: In the event of a data breach or unauthorized access, we have established incident response procedures to mitigate the impact, promptly notify the relevant authorities, and inform affected individuals as required by applicable data protection laws.
By adhering to these principles of maintaining data accuracy and storage limitation, we strive to ensure the reliability, integrity, and security of personal data entrusted to us. Our commitment to data accuracy and storage limitation is a fundamental aspect of our dedication to protecting individuals' privacy and complying with the DPA and other applicable data protection regulations.
If you have any specific inquiries or concerns regarding our data accuracy or storage limitation practices, or if you would like to exercise your rights under the DPA, please do not hesitate to contact us at [email protected].
12. Protecting The Integrity and Confidentiality of Personal Data
EncreasL is dedicated to safeguarding the integrity and confidentiality of Personal Data in accordance with the provisions set forth in the Data Protection Agreement (DPA). We understand the importance of maintaining the highest level of security and confidentiality when processing and handling Personal Data. This commitment encompasses various aspects, including:
12.1 Implementing Technical and Organizational Measures:
EncreasL employs a comprehensive set of technical and organizational measures to ensure the integrity and confidentiality of Personal Data. These measures are designed to protect against unauthorized access, alteration, disclosure, or destruction of Personal Data, as well as to mitigate the risk of data breaches.
12.2 Access Control:
EncreasL strictly controls access to Personal Data, allowing only authorized personnel who require access to carry out their specific responsibilities. Access rights are granted based on the principle of least privilege, ensuring that individuals have access only to the Personal Data necessary for their assigned tasks.
12.3 Data Encryption:
To protect the confidentiality of Personal Data during transmission and storage, EncreasL utilizes industry-standard encryption protocols. These encryption measures are designed to prevent unauthorized parties from intercepting or accessing Personal Data.
12.4 Data Backups and Recovery:
EncreasL maintains regular data backups to ensure the availability and integrity of Personal Data. These backups are securely stored and are subject to the same stringent security measures as the primary data. In the event of a data loss or system failure, EncreasL has established procedures for timely data recovery.
12.5 Incident Response and Data Breach Management:
EncreasL has implemented an incident response plan to promptly address and manage any potential data breaches or security incidents. This includes procedures for detecting, reporting, assessing, and responding to security incidents, as well as the necessary steps to mitigate any impact on Personal Data.
12.6 Confidentiality:
EncreasL recognizes the importance of maintaining the confidentiality of Personal Data entrusted to us. We ensure strict adherence to confidentiality obligations by:
Requiring all employees and authorized personnel to sign confidentiality agreements and undergo regular privacy and data protection training.
Implementing access controls to prevent unauthorized disclosure of Personal Data.
Prohibiting the disclosure or sharing of Personal Data with third parties without the explicit consent of the Customer, unless required by applicable law or authorized by the Customer.
EncreasL takes utmost care to protect the confidentiality of Personal Data and diligently upholds the provisions of the DPA to maintain the trust and confidence of our valued customers.
Should you have any questions, require further information, or wish to exercise your rights related to the integrity and confidentiality of Personal Data, please contact us at [email protected].
13. Demonstrating Accountability: Working Towards Compliance with Data Protection Regulations
At EncreasL, we recognize the paramount importance of data protection and privacy for our customers. As a responsible and ethical organization, we are committed to upholding the highest standards of accountability in handling personal data. In this document, we will outline our approach to complying with data protection regulations, with specific reference to the Data Protection Act (DPA).
13.1 Understanding Data Protection Regulations
13.11 The Data Protection Act (DPA) and Its Significance:
a. Explanation of the DPA and its legal framework.
b. Overview of the DPA's key principles and obligations.
13.12 Scope and Applicability:
a. Identifying the types of data covered under the DPA.
b. Determining whether EncreasL falls within the jurisdiction of the DPA.
13.2 Obtaining Consent: A Key Pillar of Compliance
13.21 Consent Requirements:
a. Defining consent under the DPA and its legal implications.
b. Clarifying when consent is required for data processing activities.
c. Discussing the importance of informed and freely given consent.
13.22 Ensuring Consent is Valid:
a. Explaining the elements of valid consent.
b. Describing how EncreasL obtains and records consent.
c. Detailing the methods used to obtain and manage consent.
13.23. Consent Withdrawal and Individual Rights:
a. Outlining the procedures for individuals to withdraw consent.
b. Highlighting EncreasL's commitment to respecting individual rights.
c. Describing how EncreasL handles data subject access requests.
13.3 Data Protection Policies and Procedures
13.31 Data Protection Policies:
a. Detailing EncreasL's data protection policies, including privacy notices and data protection impact assessments (DPIAs).
b. Addressing the principles of purpose limitation, data minimization, and data retention.
13.32 Security Measures:
a. Highlighting EncreasL's robust security measures to safeguard personal data.
b. Explaining encryption, pseudonymization, and anonymization techniques employed.
c. Discussing how EncreasL ensures the confidentiality, integrity, and availability of data.
13.33 Data Breach Response:
a. Outlining EncreasL's procedures for detecting, reporting, and managing data breaches.
b. Emphasizing the importance of prompt action and mitigation.
13.4 Accountability and Compliance Monitoring
13.41 Data Protection Officer (DPO):
a. Explaining EncreasL's appointment of a DPO to oversee data protection activities.
b. Describing the role and responsibilities of the DPO.
13.42 Data Protection Impact Assessments (DPIAs):
a. Explaining the purpose and scope of DPIAs.
b. Detailing how EncreasL conducts DPIAs for high-risk data processing activities.
13.43 Compliance Audits and Reviews:
a. Describing EncreasL's internal audit procedures to ensure ongoing compliance.
b. Highlighting the periodic reviews of data protection practices.
13.5 Other Provisions
13.51 Data Protection Impact Assessment and Prior Consultation:
At EncreasL, we recognize the importance of assisting our customers in fulfilling their obligations under the General Data Protection Regulation (GDPR) or the UK GDPR (as applicable). Upon the customer's reasonable request, EncreasL, as the Processor, will provide reasonable cooperation and assistance to the customer, at the customer's cost, in conducting a data protection impact assessment related to the customer's use of our Service. This assistance will be provided to the extent that the customer does not have access to the necessary information, and such information is available to EncreasL. Additionally, EncreasL will offer reasonable assistance to the customer, at the customer's cost, in cooperating or engaging in prior consultation with the Supervisory Authority as required under the GDPR or the UK GDPR, as applicable.
13.52 Modifications:
In the event of any change in, or decision by a competent authority under, any Data Protection Laws, either party may request in writing variations to this Data Protection Agreement (DPA) with at least forty-five (45) calendar days' prior written notice to the other party. The purpose of such variations would be to allow the processing of customer personal data to continue in compliance with the relevant Data Protection Laws. Upon receiving such notice:
a. Both parties will make commercially reasonable efforts to accommodate the requested modifications if deemed necessary by the customer or EncreasL.
b. The customer shall not unreasonably withhold or delay agreement to consequential variations proposed by EncreasL to protect against additional risks, or to indemnify and compensate EncreasL for any further steps and costs associated with the requested variations.
The parties will promptly discuss the proposed variations and negotiate in good faith to reach an agreement and implement the required or alternative variations to address the identified requirements as soon as reasonably practicable. If the parties are unable to reach an agreement within 30 days of the notice, either party may terminate the Agreement, with immediate effect, to the extent that it relates to the affected services. In such cases, the customer will have no further claims against EncreasL, including any requests for refunds, pursuant to the termination of the Agreement and the DPA as described in this section.
If you have any specific inquiries or concerns regarding with this section, please don't hesitate to reach out to us at [email protected].
14. Data Retention and Deletion: Our Commitment to Privacy and Responsible Data Management
At EncreasL, we take data privacy and responsible data management seriously. As a leading provider in our industry, we recognize the importance of protecting the privacy and confidentiality of the data entrusted to us by our clients and customers. In compliance with applicable data protection laws, including the Data Protection Act (DPA), we have implemented comprehensive measures to ensure that data retention and deletion practices are conducted in a secure, transparent, and legally compliant manner.
14.1 Data Protection Principles:
a. Lawfulness, fairness, and transparency: We process personal data in a lawful and transparent manner, ensuring fairness in our data processing practices.
b. Purpose limitation: We only collect and retain data for specified, explicit, and legitimate purposes, clearly communicated to individuals.
c. Data minimization: We limit the collection and storage of personal data to what is necessary for the intended purposes.
d. Accuracy: We strive to maintain accurate and up-to-date personal data, taking reasonable steps to rectify or erase inaccurate information.
e. Storage limitation: We retain personal data for no longer than necessary to fulfill the purposes for which it was collected, considering legal requirements and legitimate business needs.
f. Integrity and confidentiality: We implement appropriate security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.
14.2 Consent and Lawful Basis:
a. Obtaining Consent: We obtain consent from individuals before collecting and processing their personal data, ensuring that the consent is freely given, specific, informed, and unambiguous.
b. Lawful Basis for Processing: In addition to consent, we may rely on other lawful bases for processing personal data, such as contractual necessity, compliance with legal obligations, protection of vital interests, performance of a task carried out in the public interest or in the exercise of official authority, and legitimate interests pursued by EncreasL or a third party, where such interests are not overridden by the individual's rights and interests.
14.3 Data Retention:
a. Retention Periods: We establish and maintain documented retention periods for different categories of personal data processed by EncreasL. These retention periods are based on legal requirements, contractual obligations, and the purpose for which the data was collected.
b. Retention Criteria: We consider factors such as the nature and sensitivity of the personal data, the potential risks associated with its retention, the purposes for which it is processed, and the applicable legal requirements when determining appropriate retention periods.
c. Anonymization and Pseudonymization: Whenever possible, we employ techniques such as anonymization or pseudonymization to protect individual privacy while retaining data for statistical analysis or historical research purposes.
d. Review and Disposal: We periodically review the need to retain personal data and ensure its timely disposal once the retention periods have expired or when it is no longer necessary for the purposes it was collected.
14.4 Data Deletion:
a. Right to Erasure: Individuals have the right to request the erasure of their personal data under certain circumstances, as outlined in the DPA. We provide mechanisms for individuals to exercise this right and promptly respond to such requests in accordance with applicable legal requirements.
b. Secure Deletion: When deleting personal data, we employ secure deletion methods to ensure that the data is irreversibly removed from our systems and backups, mitigating the risk of accidental or unauthorized access or disclosure.
c. Exceptions to Deletion: We may be required to retain certain personal data despite receiving an erasure request due to legal obligations or other legitimate reasons permitted by the DPA. In such cases, we will inform the individual about the reasons for the refusal to erase the data.
If you have any specific inquiries or concerns regarding with Data Retention and Deletion, please don't hesitate to reach out to us at [email protected].
15. Protecting Your Privacy: Our Firm Commitment to Not Selling Your Information without Proper Consent
At EncreasL, we understand the importance of privacy and the trust you place in us when sharing your personal information. This document outlines our unwavering commitment to protecting your privacy by ensuring that we do not sell your information without obtaining proper consent. Our practices align with the Data Protection Act (DPA) and other applicable data protection regulations.
15.1 Our Commitment to Privacy:
a. Legal Framework: We adhere to the legal requirements and principles established by the DPA and other relevant data protection regulations to safeguard your privacy rights.
b. Transparency: We believe in being transparent about our data handling practices and providing clear information on how we use and protect your personal information.
15.2 Lawful Basis for Processing:
a. Consent: We obtain explicit and informed consent from you before processing your personal information for any purpose not covered by a legitimate interest or legal obligation.
b. Contractual Obligations: In some instances, we may process your personal information based on contractual obligations, such as when providing a service or fulfilling an agreement with you.
c. Legal Compliance: We process your personal information when necessary to comply with applicable laws, regulations, or legal obligations.
d. Legitimate Interests: We may rely on legitimate interests as a lawful basis for processing your personal information, provided it does not override your rights and interests.
15.3 Not Selling Your Information:
a. Definition: Selling, as defined by the DPA, refers to the disclosure of personal information to a third party in exchange for monetary or other valuable consideration.
b. Our Firm Commitment: We affirm that we do not sell your personal information to third parties without obtaining your proper consent, as required by law.
c. Consent Mechanisms: We provide clear and explicit options for you to provide consent for the sale of your personal information, ensuring that it is freely given, specific, and revocable at any time.
15.4 Safeguarding Your Information:
a. Data Security Measures: We implement robust technical and organizational measures to protect your personal information from unauthorized access, loss, alteration, or disclosure.
b. Confidentiality: We maintain strict confidentiality and handle your personal information with the utmost care, ensuring that only authorized personnel with a legitimate need can access it.
c. Data Retention: We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, unless extended retention is required by law or for legitimate business purposes.
15.5 Your Rights and Choices:
a. Access and Control: You have the right to access, rectify, and update your personal information. You can also exercise your right to restrict or object to certain processing activities.
b. Consent Management: We provide you with easy-to-use mechanisms to manage and withdraw your consent for the processing and potential sale of your personal information.
c. Opt-Out Options: We offer clear and accessible opt-out options to ensure that you have control over the use of your personal information and can choose not to participate in certain activities.
15.6 Complaints and Inquiries:
a. Contact Information: If you have any questions, concerns, or requests regarding the protection of your privacy or the handling of your personal information, please reach out to our designated privacy contact.
b. Complaint Resolution: We have established procedures to address any complaints or inquiries you may have promptly and transparently, ensuring a fair and efficient resolution process.
If you have any specific inquiries or concerns regarding with this section, please don't hesitate to reach out to us at [email protected].