This GDPR Compliance Document (“Document”) outlines the data protection practices and procedures of Zintek Systems LTD (“Company”) in compliance with the General Data Protection Regulation (GDPR) and relevant Irish data protection laws.
2.1. The Company has appointed a Data Protection Officer who can be contacted at [DPO Contact Information].
3.1. The Company shall only collect and process personal data for lawful, legitimate, and specified purposes.
3.2. Personal data shall be collected and processed fairly, transparently, and in accordance with the data subject’s rights.
3.3. The Company shall inform data subjects of the purposes and legal basis for processing their data and retain records of such processing.
4.1. Where necessary, the Company shall obtain explicit and informed consent from data subjects for data processing activities.
4.2. Data subjects shall have the right to withdraw their consent at any time.
5.1. The Company shall implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data.
5.2. Regular risk assessments and security audits shall be conducted to identify and mitigate data security risks.
6.1. Data subjects have the following rights under GDPR:
- The right to access their personal data.
- The right to rectify inaccurate data.
- The right to erasure (right to be forgotten).
- The right to data portability.
- The right to object to processing.
- The right to restrict processing.
- The right not to be subject to automated decision-making.
6.2. The Company shall respond to data subject requests within one month unless the request is complex or numerous.
7.1. The Company shall notify the Irish Data Protection Commission (DPC) of any data breaches without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
7.2. Data subjects shall be notified of data breaches where the breach poses a high risk to their rights and freedoms.
8.1. The Company shall not transfer personal data outside the European Economic Area (EEA) without ensuring an adequate level of data protection.
9.1. The Company shall maintain records of all data processing activities, including:
- The purposes of processing.
- Categories of data subjects.
- Categories of personal data.
- Data retention periods.
10.1. The Company shall provide data protection training to employees and contractors who handle personal data.
11.1. The Company shall periodically review and audit its data protection practices and update this Document as needed.