GDPR

General Data Protection Regulation (GDPR) Compliance Policy
GreyArc Technologies

Last Updated: 01/06/2024

1. Introduction

GreyArc Technologies ("we," "our," "us") is committed to ensuring the protection and privacy of personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Compliance Policy outlines how we collect, process, store, and protect personal data in accordance with applicable data protection laws.

2. Scope

This policy applies to all personal data collected, processed, and stored by GreyArc Technologies in relation to employees, customers, partners, and third parties. It also covers the rights of individuals regarding their personal data and our obligations under GDPR.

3. Data Controller and Data Processor

GreyArc Technologies acts as a Data Controller for personal data we collect and determine its processing purposes. In cases where we process personal data on behalf of clients, we act as a Data Processor in accordance with their instructions.

4. Personal Data We Collect

We collect various types of personal data, including but not limited to:

• Identity Data: Name, job title, company name.
• Contact Data: Email address, phone number, physical address.
• Financial Data: Billing details, payment information.
• Technical Data: IP addresses, cookies, login data, and usage details.
• Communication Data: Customer inquiries, support requests, and feedback.
• Employment Data: CVs, resumes, employment history (for hiring purposes).

5. How We Collect Personal Data

We collect personal data through:

• Direct interactions (e.g., filling out forms, contacting us via email or phone).
• Automated technologies (e.g., cookies, analytics tools, website tracking).
• Third-party sources (e.g., business partners, referrals, public records).

6. Legal Basis for Processing Personal Data

We process personal data based on one or more of the following lawful bases:

• Consent: When individuals provide explicit consent.
• Contractual Necessity: When processing is required to fulfill a contract.
• Legal Obligation: When processing is necessary for compliance with legal duties.
• Legitimate Interests: When processing is essential for business operations and does not override individual rights.

7. How We Use Personal Data

Personal data is used for:

• Providing and improving our services.
• Processing payments and managing accounts.
• Communicating with customers and responding to inquiries.
• Sending marketing and promotional materials (where permitted).
• Recruiting and employment processes.
• Compliance with legal and regulatory requirements.

8. Data Security and Protection

We implement appropriate security measures to protect personal data, including:

• Encryption of sensitive data.
• Secure access controls and authentication.
• Regular security assessments and audits.
• Employee training on data protection policies.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations. After the retention period expires, data is securely deleted or anonymized.

10. Data Sharing and Transfers

We may share personal data with:

• Service providers who assist in business operations.
• Legal authorities where required by law.
• Partners and affiliates with appropriate data protection agreements.

If personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms.

11. Individual Rights Under GDPR

Individuals have the following rights regarding their personal data:

• Right to Access: Obtain a copy of their personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure (Right to be Forgotten): Request deletion of their data.
• Right to Restrict Processing: Limit how their data is processed.
• Right to Data Portability: Receive their data in a structured, machine-readable format.
• Right to Object: Object to data processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time.

Requests related to these rights can be made by contacting us at [Insert Contact Email].

12. Cookies and Tracking Technologies

We use cookies and similar technologies to improve user experience. Users can manage cookie preferences through their browser settings. For more information, refer to our Cookie Policy.

13. Data Breach Notification

In the event of a data breach, we will assess the impact and notify affected individuals and relevant authorities in accordance with GDPR requirements.

14. Changes to This Policy

We may update this GDPR Policy from time to time to reflect changes in data protection laws and business practices. Updates will be posted on our website with the latest revision date.

15. Contact Information

For any questions or requests regarding this GDPR Compliance Policy, please contact:

GreyArc Technologies

• Email: contact@greyarctechnologies.com

• Phone: +40.741.395.171

• Address: Unirii Street, 191, Bucharest

---