Compliance Policy
๐ 2 min read
๐
๐
๐379 words
๐ท๏ธ Tags:legalcompliancegdprccpapipedapdpasecurity
Compliance Policy of DataCareph.com outlining adherence to GDPR, CCPA, PIPEDA, and PDPA, including data rights, security measures, transfers, and breach notifications.
Compliance Policy
Effective Date: August 23, 2025
This Compliance Policy explains how DataCareph.com ensures compliance with global data protection laws.
1. Scope
This Policy applies to:
- All Services provided by DataCareph.com.
- All users worldwide.
- All processing of personal data.
2. Applicable Laws
We comply with the following data protection frameworks:
- GDPR (General Data Protection Regulation, EU)
- CCPA (California Consumer Privacy Act, USA)
- PIPEDA (Personal Information Protection and Electronic Documents Act, Canada)
- PDPA (Data Privacy Act, Philippines)
3. Lawful Bases
Our processing of personal data is based on:
- Consent (where required).
- Contract (to deliver our Services).
- Legitimate interests (to improve Services).
- Legal obligations (to comply with applicable laws).
4. Data Subject Rights
We honor all applicable user rights under global privacy laws, including:
- Right of access to personal data.
- Right of correction/rectification.
- Right to erasure ("right to be forgotten").
- Right to object to processing.
- Right to data portability.
Requests can be made via info@datacareph.com.
5. Data Security
We implement industry-standard security measures:
- TLS encryption for data in transit.
- AES-256 encryption for data at rest.
- Firewalls and Cloudflare DDoS protection.
- Access restrictions and staff security training.
6. Data Transfers
- Cross-border data transfers follow GDPR Standard Contractual Clauses (SCCs).
- Equivalent safeguards are applied under non-EU laws.
7. Role of Data Protection Officer (DPO)
Our DPO oversees:
- Compliance with data protection laws.
- Risk management and privacy impact assessments.
- Handling of data subject requests.
8. Monitoring & Audits
We ensure compliance through:
- Regular internal audits.
- Vendor contract reviews.
- Ongoing compliance monitoring.
9. Third-Party Processors
- Vendors must sign Data Processing Agreements (DPAs).
- All third-party processors are bound by confidentiality and security obligations.
10. Breach Notification
- In the event of a data breach, affected users and regulators will be notified promptly as required by law.
11. Updates to Policy
This Compliance Policy may be updated periodically to reflect:
- Changes in laws.
- Regulatory guidance.
- Operational adjustments.
12. Contact
Data Protection Officer (DPO)
- ๐ง Email: info@datacareph.com
- ๐ฎ Address: 799-B, J.M. Basa St., City Proper, Iloilo, 5000, Philippines
Version: 1.0.0