At Centilio, we are committed to protecting the privacy and security of our users. This GDPR Policy explains how we comply with the General Data Protection Regulation (GDPR) and outlines our approach to data protection.
Centilio is the data controller for the personal data that we collect and process. We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. Our DPO can be contacted at [email protected].
We process personal data only when we have a lawful basis for doing so. Our lawful bases include:
a. Consent: We obtain consent from users before collecting and processing their personal data.
b. Contractual necessity: We process personal data that is necessary to fulfill our contractual obligations to our users.
c. Legitimate interests: We process personal data that is necessary for our legitimate interests, such as improving our products and services and preventing fraud.
Under the GDPR, individuals have certain rights with respect to their personal data. These rights include:
a. Right of access: Individuals have the right to request access to their personal data that we hold.
b. Right to rectification: Individuals have the right to request that we correct any inaccuracies in their personal data.
c. Right to erasure: Individuals have the right to request that we delete their personal data.
d. Right to restrict processing: Individuals have the right to request that we limit the processing of their personal data.
e. Right to data portability: Individuals have the right to receive a copy of their personal data in a structured, commonly used, and machine-readable format.
f. Right to object: Individuals have the right to object to the processing of their personal data on certain grounds.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, or as required by law. We have retention policies in place to ensure that we do not retain personal data for longer than necessary.
We take appropriate technical and organizational measures to ensure the security of personal data. We use encryption, firewalls, and access controls to protect personal data from unauthorized access, disclosure, and destruction.
In the event of a data breach, we will notify affected individuals and the supervisory authority in accordance with the GDPR requirements.
We may transfer personal data to countries outside of the European Economic Area (EEA) that do not provide an adequate level of protection for personal data. In such cases, we will ensure that appropriate safeguards are in place to protect personal data.
We use third-party processors to process personal data on our behalf. We have contracts in place with these processors that require them to comply with the GDPR and provide appropriate security measures.
We incorporate privacy-by-design principles into our products and services. We consider the privacy implications of our products and services from the outset and implement appropriate measures to protect personal data.
We provide training and awareness programs to our employees and contractors to ensure that they are aware of their GDPR obligations and responsibilities.
If you have any questions or concerns about our GDPR compliance, please contact our Data Protection Officer at [email protected].