Last Revised: November 20, 2025

The GDPR is one of the most important privacy and data protection laws adopted in the European Union. This regulation gives EU residents greater transparency and control over their personal data and makes companies that handle personal data accountable for their choices. The provisions of this regulation apply to all businesses worldwide that collect and process personal data of individuals, including EU residents themselves.

MAIN REQUIREMENTS OF THE GDPR AND HOW WE COMPLY WITH THEM

1. TRANSPARENCY

Transparent processing means that companies must inform data subjects about the processing of their personal data in a clear and simple way.

Steps taken to comply:

  • To provide transparency, we have revised our Privacy Policy and made it clear and easy to understand, so that you can learn how we collect and process your personal data, what rights you have and other important details you might need to know.
  • In addition, we have prepared our Cookie Policy clearly describing which types of cookies we use and how you can change your cookie settings.

2. LAWFULNESS

Lawful processing means that all and any processing of personal data should be based on a legitimate purpose.

Steps taken to comply:

  • We have revised all the activities in our company regarding the processing of personal data, the purposes of such processing and the relevant legal bases. This information is clearly outlined in a corresponding table in our Privacy Policy.
  • With regard to our legitimate interests as a legal basis, we have balanced individuals’ interests against our legitimate interests to avoid individuals’ interests completely overriding ours.
  • With regard to your consent as a legal basis, we have implemented a prominent and separate request for your consent to cookie placement and processing of the relevant information.

3. DATA MINIMIZATION

Data minimization means that companies are expected to limit processing of personal information to the data that is strictly necessary, and not to keep personal data once the processing purpose is completed.

Steps taken to comply:

  • We studied the information we intended to collect about individuals, determined the purposes of this collection and established clear and legitimate categories of personal data and purposes of their processing in our Privacy Policy.

4. DATA SECURITY

Companies should implement appropriate organizational and technical mechanisms to protect personal data, including at the stage of designing new systems and processes.

Steps taken to comply:

  • We have reviewed our security measures and taken the necessary steps to improve and strengthen them. CompatibL’s commitment to security has been proved by ISO27001:2022 and SOC 2 Type 2 certificates.

5. DATA SUBJECT RIGHTS

Under the GDPR, data subjects have the right to ask companies what information they have about them, and what the companies do with it. In addition, data subjects have the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of their personal data.

Steps taken to comply:

  • We have offered our clients data portability and data management mechanisms (including access, correction, and removal of their personal data) which they may easily exercise by contacting us.

6. DATA TRANSFER

Companies have an obligation to ensure the protection and privacy of personal data when that data is transferred outside the company to a third party (service providers, etc.).

Steps taken to comply:

  • We regularly review our Service Providers to check their compliance with recognized security practices.

7. PERSONAL DATA BREACHES

Breach notification requirements oblige data controllers to inform all affected individuals about a data breach if the breach is likely to result in a high risk to their rights and freedoms. We will notify the competent supervisory authority within 72 hours of becoming aware of a personal data breach, where required by law.

Steps taken to comply:

  • We have implemented an internal Personal Data Breach Policy setting out procedures for identifying, investigating, and reporting any personal data breach.
  • We have undertaken obligations to cooperate with our clients and supervisory authorities and to take reasonable commercial steps to assist in the investigation, mitigation, and remediation of each such personal data breach.
  • Where required by law, we will notify the affected individuals without undue delay and provide them with information about the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

Data Protection Authority

Subject to the applicable law, you also have the right to:

  • Restrict CompatibL’s use of Other Information that constitutes your Personal Data.
  • Lodge a complaint with your local data protection authority.

If you believe that CompatibL has not been able to assist with your complaint or concern, and you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority (the Information Commissioner’s Office).

Otherwise, you can find the contact details for your appropriate data protection authority on the following website.

More information on the GDPR can be found by visiting the following website – https://gdpr-info.eu/
