GDPR Compliance Statement
Last Updated: 07/May/2024
1. Introduction
We are committed to protecting the privacy and security of our customers’ personal information. This GDPR Compliance Statement outlines our efforts to comply with the requirements of the General Data Protection Regulation (GDPR) and our commitment to safeguarding the personal data of individuals who interact with our website and services.
2. Data Collection and Processing
We collect and process personal data in accordance with the principles of lawfulness, fairness, and transparency. Personal data is collected only for specified, explicit, and legitimate purposes, and we do not process it further in a manner that is incompatible with those purposes.
3. Legal Basis for Processing
We process personal data on various legal bases, including:
- The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which we are subject.
- Processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
4. Data Subject Rights
Under the GDPR, data subjects have certain rights regarding their personal data, including:
- The right to access their personal data
- The right to rectification
- The right to erasure (also known as the “right to be forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision making and profiling
5. Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage of personal data.
6. Data Transfers
We may transfer personal data to countries outside the European Economic Area (EEA) only if adequate safeguards are in place, such as standard contractual clauses or an adequacy decision from the European Commission.
7. Data Breach Notification
In the event of a data breach involving personal data, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it. We will also notify affected data subjects if the breach is likely to result in a high risk to their rights and freedoms.
8. Contact Us
If you have any questions or concerns about our GDPR compliance or the processing of your personal data, please contact us:
- By email: contact@aro-blend.com
- By visiting this page on our website: https://aro-blend.com/contact-us