GDPR Compliance Statement
At Skidmore Agency, we are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We recognize our obligations in updating and expanding our GDPR compliance program to meet the standards and principles of the EU General Data Protection Regulation (GDPR).
Legal Basis for Processing Personal Data
We process personal data in compliance with the lawful bases set forth in the GDPR.
- Consent: We obtain explicit consent from individuals prior to processing their data.
- Contractual Necessities: We process personal data as necessary to fulfill our contractual obligations.
- Legal Obligations: We process personal data as necessary for compliance with legal obligations.
- Legitimate Interests: Where necessary, we process data to protect the legitimate interests of our company or third parties, provided that such interests are not overridden by the rights and freedoms of the data subjects.
Data Subject Rights
Under GDPR, data subjects have the following rights:
- The right to be informed about our data collection and use.
- The right of access to their personal data and supplementary information.
- The right to rectification of inaccurate personal data.
- The right to erasure (‘right to be forgotten’).
- The right to restrict processing of their data.
- The right to data portability.
- The right to object to processing based on legitimate interests, direct marketing, and processing for research and statistics.
- Rights related to automated decision-making and profiling.
Data Security and Protection
We have implemented technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data. All client communication is handled via e-mail encrypted in transit with TLS, and client files are stored on encrypted cloud-based storage. E-mails are stored with zero-access encryption.
- Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems.
- Regular testing and evaluation of the effectiveness of technical and organizational measures.
Data Breach Notification
In the event of a data breach, we will notify the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. When the data breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected data subjects without undue delay.
Data Protection Officer
Surge Business Solutions has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR requirements.
Contact Us
If you have any questions about our GDPR compliance, data processing practices, or your data protection rights, please contact us at skidmorefund@proton.me.
This statement was last updated on 11/28/2023. Surge Business Solutions reserves the right to amend or modify this statement at any time in response to changing legal, technical, or business developments.