GDRP
EpicMust General Data Protection Regulation (GDPR) Compliance Policy
Effective Date: [2oth Oct 2023]
- Introduction
EpicMust, a company based in Sweden, is committed to safeguarding the privacy and data protection rights of its customers, visitors, and partners. This General Data Protection Regulation (GDPR) Compliance Policy outlines our commitment to compliance with the GDPR and the measures we have implemented to ensure the protection of personal data.
- Scope
This policy applies to all personal data collected, processed, and stored by EpicMust in the course of our business operations.
- Data Protection Principles
EpicMust is dedicated to adhering to the key principles of GDPR, which include:
Lawfulness, fairness, and transparency in data processing.
Limitation of data collection and processing for specified, legitimate purposes.
Data accuracy and the need for timely updates.
Secure and confidential data processing.
Data minimization to reduce the scope of personal data collected.
Data retention and disposal in compliance with legal requirements.
Accountability and documentation of data processing activities.
-
Data Collection and Processing
EpicMust collects personal data for specific, lawful purposes, including order processing, customer support, marketing, and communication. We ensure that data is collected with the consent of individuals and that their rights are respected.
- Data Protection Officer
EpicMust has appointed a Data Protection Officer (DPO) to oversee data protection efforts. The DPO can be contacted at contact@epicmust.com with subject GDPR in email.
- Data Subject Rights
EpicMust respects the rights of data subjects, including the right to access, rectify, erase, and port personal data. Data subjects may exercise their rights by contacting our Data Protection Officer.
- Data Security
EpicMust has implemented robust security measures to safeguard personal data from unauthorized access, alteration, disclosure, and destruction. These measures include encryption, access controls, and regular security audits.
- Data Breach Notification
In the event of a data breach, EpicMust will adhere to GDPR requirements for notifying relevant authorities and data subjects when applicable. We will also maintain records of data breaches.
- Data Protection Impact Assessment (DPIA)
EpicMust conducts Data Protection Impact Assessments as needed to identify and mitigate data protection risks for specific projects or processing activities.
- International Data Transfers
EpicMust only transfers personal data to countries outside the European Economic Area (EEA) when adequate safeguards are in place, as required by GDPR.
- Data Processing Agreements
EpicMust enters into Data Processing Agreements (DPAs) with data processors to ensure GDPR compliance when third parties are involved in data processing activities.
- Review and Updates
EpicMust will review and update this GDPR Compliance Policy periodically to ensure alignment with regulatory changes and company procedures.
- Contact Information
For inquiries or requests related to GDPR compliance or personal data, please contact our Data Protection Officer at contact@epicmust.com with subject GDPR in email.
This GDPR Compliance Policy outlines the key principles, responsibilities, and practices that EpicMust follows to ensure the protection of personal data and compliance with GDPR. It is crucial to regularly review and update this policy to reflect evolving privacy regulations and business practices.