GDPR Compliance

How Venen Grada ensures compliance with the General Data Protection Regulation for our European clients and partners.

Last updated: January 15, 2024

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) sets strict standards for data protection and privacy for individuals within the European Union (EU) and European Economic Area (EEA). At Venen Grada, we are committed to ensuring that our data processing activities comply with GDPR requirements, regardless of where our clients are located.

Key GDPR Principles We Follow

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate what data we collect, why we collect it, and how it will be used through our Privacy Policy and this page.

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes. We do not process data in ways that are incompatible with those purposes without obtaining additional consent.

Data Minimization

We collect only the personal data that is necessary for the purposes we have identified. We regularly review our data collection practices to ensure we are not gathering more information than required.

Accuracy

We take reasonable steps to ensure that personal data is accurate and up-to-date. Individuals can request corrections to their data at any time.

Storage Limitation

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We have data retention policies that specify how long different types of data are kept.

Integrity and Confidentiality

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or damage.

Your Rights Under GDPR

If you are a resident of the EU or EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of receiving your request.

Right to Rectification

If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request corrections.

Right to Erasure ("Right to be Forgotten")

In certain circumstances, you may request that we delete your personal data. This applies when the data is no longer necessary for the purpose it was collected, or if you withdraw consent.

Right to Restrict Processing

You may request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You may object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or significant effects.

Legal Basis for Processing

We process personal data on the following legal bases:

  • Consent: Where you have given explicit consent for specific processing activities.
  • Contract: Where processing is necessary for the performance of a contract with you.
  • Legal obligation: Where processing is required to comply with applicable laws.
  • Legitimate interests: Where processing is necessary for our legitimate business interests, balanced against your rights and interests.

International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place to protect your data. These safeguards may include:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequate data protection laws
  • Other legally recognized transfer mechanisms

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay.

Data Protection Officer

For questions regarding our GDPR compliance or to exercise your data protection rights, you may contact our designated data protection contact:

Email: [email protected]
Subject: GDPR Inquiry

Supervisory Authority

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with a supervisory authority in the EU Member State where you reside, work, or where you believe an infringement occurred.

Updates to This Page

We may update this GDPR compliance information from time to time to reflect changes in our practices or applicable laws. The date of the last update will be indicated at the top of this page.