GDPR Compliance
Last updated: January 1, 2024
Our Commitment to GDPR
Example Corporation Inc. is committed to protecting the privacy and personal data of all individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights as a data subject.
Legal Basis for Processing
We process personal data based on the following legal grounds:
- Consent: You have given clear consent for us to process your personal data
- Contract: Processing is necessary for the performance of our services
- Legal Obligation: Processing is necessary to comply with the law
- Legitimate Interests: Processing is necessary for our legitimate interests
Your Rights Under GDPR
As a data subject, you have the following rights:
1. Right to Access
You have the right to request access to your personal data and receive a copy of the data we hold about you.
2. Right to Rectification
You have the right to request correction of inaccurate personal data and to have incomplete data completed.
3. Right to Erasure (‘Right to be Forgotten’)
You have the right to request deletion of your personal data under certain circumstances.
4. Right to Restrict Processing
You have the right to request restriction of processing of your personal data under certain circumstances.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
6. Right to Object
You have the right to object to processing of your personal data for direct marketing purposes or based on legitimate interests.
7. Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time.
Data Protection Measures
We implement appropriate technical and organizational measures to ensure data security:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication measures
- Employee training on data protection
- Data minimization principles
- Privacy by design and default
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other appropriate safeguards as required by GDPR
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Our data retention periods are based on:
- The nature of the data and purpose of processing
- Legal and regulatory requirements
- Statute of limitations periods
- Business operational requirements
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay if there is a high risk
- Document all breaches and actions taken
- Take immediate steps to mitigate the breach
How to Exercise Your Rights
To exercise any of your rights under GDPR, please contact our Data Protection Officer:
Data Protection Officer
Example Corporation Inc.
Email: dpo@example.com
Phone: +1 (555) 123-4567
Address: 123 Business Street, Suite 100, New York, NY 10001
We will respond to your request within one month of receipt. In certain circumstances, we may extend this period by two months, but we will inform you if this is necessary.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. You can contact your local data protection authority or the lead supervisory authority for our company.
Updates to This Notice
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this notice periodically.