1. Introduction
1.1 Purpose
This General Data Protection Regulation (GDPR) policy outlines WhitoMedia’s commitment to data protection and compliance with the GDPR regulations.
1.2 Scope
This policy applies to all employees, contractors, vendors, and third parties who process personal data on behalf of WhitoMedia.
2. Data Protection Principles
2.1 Lawfulness, Fairness, and Transparency
WhitoMedia shall process personal data lawfully, fairly, and transparently, ensuring individuals are informed about the processing of their data.
2.2 Purpose Limitation
Personal data will only be collected for specified, explicit, and legitimate purposes, and it will not be processed in a manner that is incompatible with these purposes.
2.3 Data Minimization
WhitoMedia shall ensure that personal data is adequate, relevant, and limited to what is necessary for the intended purposes.
2.4 Accuracy
WhitoMedia shall take reasonable steps to ensure that personal data is accurate, up-to-date, and, where necessary, corrected without delay.
2.5 Storage Limitation
Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected.
2.6 Integrity and Confidentiality
WhitoMedia shall implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data.
2.7 Accountability and Transparency
WhitoMedia shall be responsible for, and able to demonstrate, compliance with GDPR principles and requirements.
3. Data Subject Rights
3.1 Right to Access
Data subjects have the right to access their personal data processed by WhitoMedia.
3.2 Right to Rectification
Data subjects can request the correction of inaccurate or incomplete personal data.
3.3 Right to Erasure (Right to be Forgotten)
Data subjects have the right to request the deletion of their personal data under certain circumstances.
3.4 Right to Data Portability
Data subjects can request their personal data in a structured, commonly used, and machine-readable format.
3.5 Right to Object
Data subjects can object to the processing of their personal data in certain situations.
4. Data Breach Response
4.1 Reporting
WhitoMedia shall promptly report any data breaches to the relevant supervisory authority and data subjects when necessary, in accordance with GDPR requirements.
4.2 Mitigation
WhitoMedia will take immediate action to mitigate the impact of data breaches and prevent further unauthorized access.
5. Data Protection Officer (DPO)
WhitoMedia shall appoint a Data Protection Officer responsible for ensuring GDPR compliance, monitoring data protection activities, and acting as the point of contact for data subjects and supervisory authorities.
6. Training and Awareness
WhitoMedia shall provide training and awareness programs to employees and contractors involved in data processing activities to ensure they understand GDPR requirements.
7. Documentation and Records
WhitoMedia shall maintain records of data processing activities, including data processing purposes, data categories, data subject information, and any third-party data processors.
8. Review and Update
This GDPR policy will be regularly reviewed and updated to ensure ongoing compliance with GDPR regulations and changes in business operations.
9. Contact Information
For questions or concerns related to GDPR compliance or data protection matters, please contact:
contact@whitomedia.com