Privacy and Data Protection Policy
Personal data is defined as:
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
A ‘Sub-Processor’ means :
Third-party data processor engaged by a Data Processor who process personal data from a Data Controller;
IV. SUBCONTRACTOR ENGAGEMENT
V. WHO IS RESPONSIBLE FOR MANAGING AND PROTECTING VERMEG’S CLIENTS’ PERSONAL INFORMATION ?
See the list of VERMEG’s locations.
VI. VERMEG’S APPROACH TO SECURE PERSONAL INFORMATION
VEREMEG uses a range of physical, electronic and managerial measures to keep clients’ Personal Information secure, accurate and up to date. These measures include:
- education and training to relevant staff so they are aware of the privacy obligations when handling Personal Information;
- administrative and technical controls to restrict access to Personal Information on a ‘need to know’ basis;
- technological security measures, including firewalls, secured servers, encryption and anti-virus software; and
- physical security measures, such as staff security passes to access our premises.
VII. PRIVACY BY DESIGN
Use of techniques such as data minimization and pseudonymization will be considered where applicable and appropriate.
VIII. CONTRACTS INVOLVING THE PROCESSING OF PERSONAL DATA
The processing of any personal data is always managed through agreements, contracts or DPAs (Data Processing Agreements), which include any privacy requirements with the client.
As mentioned in said contracts, agreements, and DPAs, VERMEG will ensure the respect of all of its clients instructions.
IX. INTERNATIONAL TRANSFER OF PERSONAL DATA
- they fall within the limits imposed by the GDPR or by any other relevant applicable data protection laws and that
- the relevant appropriate safeguards are put in place (e.g. adequacy decision of the European Commission, EU Standard Contractual Data Protection Clauses adopted by the European Commission).
X. BREACH NOTIFICATION
XI. RIGHTS OF THE CONTROLLER
XII. DATA PROTECTION OFFICER
For any questions, inquiries, suggestions, comments please contact VERMEG DPO dpo@VERMEG.com.