GDPR

EpicMust General Data Protection Regulation (GDPR) Compliance Policy


Effective Date: 20th Oct 2023


  1. Introduction

EpicMust, a company based in Sweden, is committed to safeguarding the privacy and data protection rights of its customers, visitors, and partners. This General Data Protection Regulation (GDPR) Compliance Policy outlines our commitment to compliance with the GDPR and the measures we have implemented to ensure the protection of personal data.


  2. Scope

This policy applies to all personal data collected, processed, and stored by EpicMust in the course of our business operations.


  3. Data Protection Principles

EpicMust is dedicated to adhering to the key principles of GDPR, which include:


Lawfulness, fairness, and transparency in data processing.

Limitation of data collection and processing for specified, legitimate purposes.

Data accuracy and the need for timely updates.

Secure and confidential data processing.

Data minimization to reduce the scope of personal data collected.

Data retention and disposal in compliance with legal requirements.

Accountability and documentation of data processing activities.


  4. Data Collection and Processing

EpicMust collects personal data for specific, lawful purposes, including order processing, customer support, marketing, and communication. We ensure that data is collected with the consent of individuals and that their rights are respected.


  5. Data Protection Officer

EpicMust has appointed a Data Protection Officer (DPO) to oversee data protection efforts. The DPO can be contacted at contact@epicmust.com with "GDPR" in the email subject line.


  6. Data Subject Rights

EpicMust respects the rights of data subjects, including the right to access, rectify, erase, and port personal data. Data subjects may exercise their rights by contacting our Data Protection Officer.


  7. Data Security

EpicMust has implemented robust security measures to safeguard personal data from unauthorized access, alteration, disclosure, and destruction. These measures include encryption, access controls, and regular security audits.


  8. Data Breach Notification

In the event of a data breach, EpicMust will adhere to GDPR requirements for notifying relevant authorities and data subjects when applicable. We will also maintain records of data breaches.


  9. Data Protection Impact Assessment (DPIA)

EpicMust conducts Data Protection Impact Assessments as needed to identify and mitigate data protection risks for specific projects or processing activities.


  10. International Data Transfers

EpicMust only transfers personal data to countries outside the European Economic Area (EEA) when adequate safeguards are in place, as required by GDPR.


  11. Data Processing Agreements

EpicMust enters into Data Processing Agreements (DPAs) with data processors to ensure GDPR compliance when third parties are involved in data processing activities.


  12. Review and Updates

EpicMust will review and update this GDPR Compliance Policy periodically to ensure alignment with regulatory changes and company procedures.


  13. Contact Information

For inquiries or requests related to GDPR compliance or personal data, please contact our Data Protection Officer at contact@epicmust.com with "GDPR" in the email subject line.


This GDPR Compliance Policy outlines the key principles, responsibilities, and practices that EpicMust follows to ensure the protection of personal data and compliance with GDPR. It is crucial to regularly review and update this policy to reflect evolving privacy regulations and business practices.