1. Introduction
This GDPR Compliance Policy outlines the procedures and actions BioSkinsy Private Limited, an organization situated in India, will adopt to ensure the protection and privacy of personal data in compliance with the General Data Protection Regulation (GDPR). The aim is to safeguard the rights of individuals and bolster our commitment to data privacy and protection.
2. Purpose
The purpose of this policy is to ensure that BioSkinsy Private Limited processes personal data in compliance with GDPR standards, ensuring transparency, security, and respect for privacy rights, even though the organization operates outside the EU. This demonstrates our commitment to international data protection standards.
3. Scope
This policy applies to all employees, contractors, and third-party partners of BioSkinsy Private Limited involved in the processing of personal data. It covers all personal data processed by the organization, whether electronically or in hard copy.
4. Definitions
– Personal Data: Any information relating to an identified or identifiable natural person.
– Data Subjects: Individuals whose personal data is processed by the organization.
– Processing: Any operation performed on personal data, whether automated or manual, including collecting, storing, using, and erasing data.
5. Data Protection Principles
BioSkinsy Private Limited commits to processing personal data in compliance with the core principles of GDPR:
a. Lawfulness, Fairness, and Transparency: Ensure that all data processing activities are legal, fair, and transparent to the data subjects.
b. Purpose Limitation: Collect data only for specified, explicit, and legitimate purposes and not process it further in a manner that is incompatible with those purposes.
c. Data Minimization: Collect and process only the data necessary for the purposes defined.
d. Accuracy: Ensure that personal data is accurate and, where necessary, kept up to date.
e. Storage Limitation: Retain personal data only for as long as is necessary to fulfill the purposes for which it was collected.
f. Integrity and Confidentiality: Protect personal data against unauthorized or unlawful processing, as well as accidental loss, destruction, or damage, using appropriate technical and organizational measures.
6. Rights of Data Subjects
BioSkinsy Private Limited upholds the rights of data subjects, including:
– The right to be informed about data collection and use.
– The right to access personal data.
– The right to rectify inaccurate personal data.
– The right to erase data (“right to be forgotten”).
– The right to restrict data processing.
– The right to data portability.
– The right to object to data processing.
– Rights in relation to automated decision-making and profiling.
7. Data Protection Officer (DPO)
A Data Protection Officer will be appointed to oversee GDPR compliance efforts, act as a point of contact for data subjects, and liaise with authorities as necessary.
8. Data Breach Protocol
In the event of a personal data breach, BioSkinsy Private Limited is committed to timely and transparent reporting to supervisory authorities and affected data subjects as required under GDPR guidelines.
9. Training and Awareness
All personnel involved in personal data processing will receive regular GDPR training to ensure compliance and awareness of data protection responsibilities.
10. Policy Review and Updates
This policy will be reviewed annually and updated as necessary to remain compliant with GDPR and evolving business practices.
11. Contact Information
For questions or concerns regarding this policy, please contact our Data Protection Officer at support@bioskinsy.com.
Acknowledgment
By adhering to this policy, BioSkinsy Private Limited affirms our commitment to safeguarding personal data and complying with GDPR principles, reinforcing our dedication to transparency, trust, and accountability.
This document is intended for internal use by BioSkinsy Private Limited and should not be shared externally without explicit authorization.