GDPR Compliance Details (Add/Integrate These Sections):
1. Legal Basis for Processing Personal Data
- Explain all the legal grounds for processing personal data (e.g., user consent, legitimate interest, contractual necessity, legal obligations).
- Example: “We process your personal data based on your explicit consent, for contract fulfillment, or as required by law. Where consent is relied upon, you can withdraw it at any time.”
2. Explicit Consent
- Clearly state that you obtain explicit consent for collecting and using personal data, especially for email sign-ups, comments, or analytics cookies.
- Example: “We obtain your explicit, informed consent before processing your personal data, and you have the right to withdraw your consent at any time.”
3. Data Subject Rights
List the rights of users under GDPR:
- The right to access their personal data
- The right to rectification (correction of inaccurate data)
- The right to erasure (“right to be forgotten”)
- The right to restrict or object to processing
- The right to data portability
- The right to withdraw consent at any time
Explain how users can exercise these rights (e.g., by contacting you at your provided contact email).
4. Data Protection Measures
- Outline security protocols (encryption, access restriction, regular audits).
- State that you take “Privacy by Design” and “Privacy by Default” approaches: proactive data minimization and secure storage from the outset.
5. Third-Party Processing and International Transfers
- Name any third-party processors (email list providers, website analytics, etc.) and state that data shared with these providers will be protected per GDPR requirements.
- For international data transfers, mention if data may be transferred outside the EU and ensure that adequate data protection safeguards are in place.
6. Data Breach Notification
- State you will notify relevant authorities and affected individuals within 72 hours if a data breach involving personal data occurs.
7. Data Retention
- Clarify how long you retain personal information, and under which grounds it will be deleted or anonymized.
8. Contact Details for Data Inquiries
- Include a contact email for exercising GDPR rights or data requests.
Sample GDPR Compliance Addendum for Your Policy
You can directly add this text—tailored and editable—to your policy section:
GDPR Compliance
As required by the General Data Protection Regulation (GDPR):
- Legal Basis: We process personal data on the legal bases of consent, contractual necessity, or legal obligation.
- User Rights: Site visitors from the European Union have the right to access, correct, erase, restrict, or object to processing of their personal data, as well as to data portability and withdrawal of consent at any time.
- Consent & Data Use: No personal data is collected without your explicit, informed consent. All consents are freely given, specific, informed, and unambiguous. You may withdraw consent by contacting us at contact@pksandir.com.
- Data Protection: We employ technical and organizational measures (encryption, access control, and monitoring) in line with the principle of privacy by design and by default.
- Third-Party Processors: When using third-party services (Google Analytics, email newsletter, etc.), we ensure data protections are at least equivalent to EU standards. International data transfers are only made where appropriate safeguards apply.
- Breach Notification: If a personal data breach occurs, affected individuals and supervisory authorities will be notified within 72 hours, in compliance with GDPR.
- Data Retention: Personal data is retained only as long as necessary for the purposes outlined in this policy or as required by law.
- Your Rights: To exercise your rights or make data-related requests, contact: contact@pksandir.com.