The EU General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union that came into force on May 25, 2018. The GDPR aims to standardise data protection laws and imposes new obligations on organisations that control or process personal data, including the introduction of new rights and safeguards for EU citizens.
HMR is committed to ensuring protection of all personal information that we hold, by strictly following the provisions of all relevant Data Protection Legislation, including GDPR.
personal data are:
1.Processed lawfully, fairly and in a transparent manner;
2.Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
3.Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4.Accurate and, where necessary, kept up to date;
5.Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
6.Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
HMR has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk,
taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, and continues to update such measures following the best practices and recommendations.
We have revised our normative body (e.g. internal policies, standards, procedures, working instructions) in order to meet the requirements of the GDPR, implemented a governance model and have established a Data Privacy Team, which has led the GDPR transformation and implementation project and continues to ensure compliance on an ongoing basis, both as processor and controller of personal data.
If you want additional information about the GDPR data subject rights, or if you have any questions related to GDPR compliance or data protection, please email firstname.lastname@example.org