
GDPR Policy

    Introduction

    Corefinity is committed to protecting the privacy and security of our clients' data. This GDPR Policy outlines our practices and procedures for handling personal data in compliance with the General Data Protection Regulation (EU) 2016/679.


    Scope

    This policy applies to all personal data processed by Corefinity and its employees, regardless of the data's format.


    Data Protection Principles

    Corefinity adheres to the following data protection principles:

    • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.
    • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.
    • Data Minimisation: We ensure personal data is adequate, relevant, and limited to what is necessary.
    • Accuracy: We keep personal data accurate and up to date.
    • Storage Limitation: We retain personal data no longer than necessary.
    • Integrity and Confidentiality: We ensure personal data is processed securely.


    Lawful Basis for Processing

    Our lawful bases for processing include consent (where individuals have explicitly agreed), contractual necessity (to fulfil our contractual obligations), compliance with legal obligations, protection of vital interests, performance of a task carried out in the public interest, and legitimate interests pursued by Corefinity or a third party.


    Rights of Individuals

    We recognise and facilitate the rights of data subjects, including access to data, correction, deletion, processing restrictions, data portability, objection to processing, and not being subject to automated decision-making.


    Data Security

    Corefinity employs robust technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.


    Data Breaches

    In the event of a data breach, we will promptly assess the risk to individuals' rights and freedoms and report the breach to the relevant supervisory authority within 72 hours of becoming aware of it, where feasible.


    Data Transfers

    Any transfer of data outside the EEA is done with appropriate safeguards in place, such as Standard Contractual Clauses or adherence to an adequacy decision by the European Commission.


    Third-Party Processors

    We engage third-party processors who comply fully with GDPR and ensure they meet our data protection standards.


    Training and Awareness

    All employees are provided with training on GDPR to ensure they understand their responsibilities towards data protection.


    Policy Review and Updates

    This policy is reviewed annually and updated as necessary to ensure ongoing compliance with GDPR.


    Contact Information

    For any enquiries regarding this policy or data protection practices, please contact our Data Protection Officer at [email protected].
