1. Purpose
The purpose of this GDPR Compliance Policy is to demonstrate NowCorp’s commitment to protecting the privacy and personal data of our employees, customers, partners, and stakeholders. This policy outlines how we handle, store, and protect personal data to ensure compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
2. Scope
This policy applies to:
- All NowCorp employees, contractors, and partners who handle personal data
- All processes and systems within NowCorp that process personal data, including data collection, storage, transfer, and deletion
- Personal data of any individual whose information NowCorp processes, including employees, customers, vendors, and website users
3. Definitions
- Personal Data: Any information that can directly or indirectly identify a natural person, such as name, address, email, identification number, location data, or online identifiers.
- Data Subject: The individual whose personal data is being processed.
- Data Controller: NowCorp, which determines the purposes and means of processing personal data.
- Data Processor: Any third-party entity that processes personal data on behalf of NowCorp.
- Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, alteration, retrieval, disclosure, or erasure.
4. Data Protection Principles
NowCorp is committed to processing personal data in compliance with the following GDPR principles:
- Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.
- Purpose Limitation: Data will only be collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimization: Only personal data that is necessary for the intended purposes will be collected and processed.
- Accuracy: Reasonable steps will be taken to keep personal data accurate and up to date.
- Storage Limitation: Personal data will be retained only as long as necessary for the purposes for which it was collected.
- Integrity and Confidentiality: Personal data will be processed securely to prevent unauthorized access, loss, or damage.
5. Data Subject Rights
NowCorp respects the rights of data subjects under GDPR, which include the right to:
- Access: Request access to personal data NowCorp holds about them.
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure: Request deletion of personal data when it is no longer necessary, or if consent is withdrawn.
- Restriction of Processing: Request restriction of processing under certain conditions.
- Data Portability: Request a copy of their data in a structured, commonly used format.
- Object to Processing: Object to the processing of personal data for specific purposes, including direct marketing.
- Withdraw Consent: Withdraw consent at any time where consent is the basis for data processing.
Data subjects can exercise their rights by contacting NowCorp’s Data Protection Officer (DPO) at [insert contact information].
6. Legal Basis for Processing Personal Data
NowCorp will only process personal data when there is a legal basis to do so, including:
- Consent: When the data subject has provided clear consent.
- Contractual Necessity: When processing is necessary for the performance of a contract with the data subject.
- Legal Obligation: When processing is necessary for NowCorp to comply with the law.
- Legitimate Interests: When processing is necessary for NowCorp’s legitimate interests, provided these do not override the data subject’s rights and freedoms.
7. Data Security
NowCorp employs appropriate technical and organizational measures to ensure data security, including:
- Access control and authentication mechanisms
- Encryption and secure storage of personal data
- Regular data security audits and vulnerability assessments
- Incident response plans for managing data breaches
8. Data Breach Notification
In the event of a personal data breach, NowCorp will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible
- Inform affected data subjects if the breach poses a high risk to their rights and freedoms
- Document the breach, its impact, and any corrective actions taken
9. Data Transfers
NowCorp will only transfer personal data outside the European Economic Area (EEA) when appropriate safeguards are in place to protect the data, including:
- Transfers to countries with adequate data protection laws as determined by the European Commission
- Transfers subject to standard contractual clauses or binding corporate rules approved by the European Commission
10. Third-Party Processors
NowCorp ensures that all third-party processors comply with GDPR requirements by:
- Conducting due diligence before engaging with third-party processors
- Ensuring contracts with third-party processors contain GDPR-compliant terms and clauses
- Monitoring and auditing third-party processors to maintain compliance
11. Policy Review and Updates
This GDPR Compliance Policy will be reviewed at least annually, or more frequently as necessary, to ensure it remains compliant with GDPR and reflects any operational or regulatory changes. Any updates will be communicated to employees, customers, and stakeholders.
12. Contact Information
For questions or concerns about this GDPR Compliance Policy, or to exercise your data protection rights, please contact NowCorp’s Data Protection Officer (DPO)