GDPR

GDPR

ZumIT, a leading outsourcing company providing outsourcing services and people employment officer services in Romania, is committed to complying with the European Union’s General Data Protection Regulation (GDPR). This policy outlines our commitment to protecting the privacy and rights of individuals whose personal data we process.

1. Data Protection Principles

We are dedicated to adhering to the following fundamental principles of GDPR:

a. Lawfulness, Fairness, and Transparency

We will process personal data lawfully, fairly, and transparently. We will inform individuals about the purposes of data processing and any relevant information about their rights.

b. Purpose Limitation

We will collect personal data for specified, explicit, and legitimate purposes and will not process it in a manner incompatible with those purposes.

c. Data Minimization

We will collect only the personal data that is necessary for the purposes for which it is processed. We will strive to keep data accurate and up-to-date.

d. Accuracy

We will make reasonable efforts to ensure the accuracy of personal data and rectify any inaccuracies without undue delay.

e. Storage Limitation

We will retain personal data for no longer than necessary for the purposes for which it is processed. We will establish and adhere to data retention policies.

f. Integrity and Confidentiality

We will process personal data in a manner that ensures its security and confidentiality, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage.

2. Data Subject Rights

We respect the rights of data subjects under GDPR and will facilitate the exercise of these rights, including:

a. Right to Access

Individuals have the right to request access to their personal data and receive information on how we process it.

b. Right to Rectification

Individuals can request the correction of inaccurate or incomplete personal data.

c. Right to Erasure (Right to Be Forgotten)

Individuals can request the deletion of their personal data under certain circumstances.

d. Right to Restriction of Processing

Individuals can request that we restrict the processing of their personal data in specific situations.

e. Right to Data Portability

Upon request, we will provide individuals with their personal data in a structured, commonly used, and machine-readable format.

f. Right to Object

Individuals can object to the processing of their personal data, and we will stop processing unless we have a legitimate interest that overrides this right.

3. Data Protection Impact Assessments (DPIAs)

We will conduct DPIAs when necessary to assess and mitigate data protection risks associated with certain data processing activities, especially those involving high risks to data subjects’ rights and freedoms.

4. Data Security

We will implement appropriate technical and organizational measures to ensure the security of personal data. This includes measures to protect data against unauthorized access, accidental loss, destruction, or damage.

5. Data Breach Notification

In the event of a data breach that poses a risk to individuals’ rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by GDPR.

6. Data Processing Records

We will maintain records of our data processing activities, including purposes, categories of data, and security measures, as required by GDPR.

7. International Data Transfers

If we transfer personal data outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place to protect the data, as required by GDPR.

8. Data Protection Officer (DPO)

We have appointed a Data Protection Officer who is responsible for ensuring compliance with GDPR and can be reached at [DPO Contact Information].

9. Updates to this Policy

This GDPR Compliance Policy may be updated periodically to reflect changes in our data processing activities or legal requirements. We will notify individuals and relevant authorities of any material changes.

For inquiries or requests related to GDPR compliance or data protection, please contact us