GDPR

The excellence guide is committed to protecting the privacy and personal data of individuals in compliance with the General Data Protection Regulation (GDPR). This statement outlines our approach to collecting, storing, processing, and protecting personal data in accordance with the GDPR.

Principles of Data Protection: We adhere to the following fundamental principles of data protection as outlined in the GDPR:

  1. Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
  2. Purpose limitation: We collect and process personal data only for specified, explicit, and legitimate purposes.
  3. Data minimization: We collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  4. Accuracy: We strive to ensure that personal data we process is accurate and kept up to date.
  5. Storage limitation: We retain personal data for no longer than is necessary for the purposes for which it is processed.
  6. Integrity and confidentiality: We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data.
  7. Accountability: We are accountable for our data protection practices and have mechanisms in place to demonstrate compliance with the GDPR.

Lawful Basis for Processing: We will only process personal data when there is a lawful basis to do so, which may include:

  1. Consent: We will seek explicit consent from individuals to process their personal data for specific purposes.
  2. Contractual necessity: We may process personal data when it is necessary to fulfill a contract or take pre-contractual measures at the individual’s request.
  3. Legal obligation: We may process personal data to comply with legal obligations imposed upon us.
  4. Legitimate interests: We may process personal data when it is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by the individual’s rights and interests.

Individual Rights: We respect the rights of individuals as granted by the GDPR. These rights include:

  1. Right to be informed: Individuals have the right to be informed about the collection and use of their personal data.
  2. Right of access: Individuals have the right to access their personal data and obtain information about how it is being processed.
  3. Right to rectification: Individuals have the right to request the correction or updating of inaccurate or incomplete personal data.
  4. Right to erasure: Individuals have the right to request the deletion or removal of personal data when there is no compelling reason for its continued processing.
  5. Right to restrict processing: Individuals have the right to request the restriction or suppression of their personal data under certain circumstances.
  6. Right to data portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
  7. Right to object: Individuals have the right to object to the processing of their personal data in certain situations.

Data Security: We implement appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or alteration. We regularly review and update our security measures to ensure the ongoing confidentiality, integrity, and availability of personal data.

Data Transfers: If we transfer personal data to countries outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect the data in accordance with the GDPR requirements.

Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the affected individuals and the relevant supervisory authorities in accordance with the GDPR obligations.

Data Protection Officer: We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection