GDPR Compliance

Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Our Commitment to GDPR Compliance

At Mono Petra, we are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.

How We Comply with GDPR

We have implemented the following measures to ensure our compliance with GDPR:

1. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and its implementation to ensure compliance with GDPR requirements.

2. Data Protection Impact Assessments

We carry out Data Protection Impact Assessments (DPIAs) for all high-risk processing activities to identify and minimize data protection risks.

3. Data Processing

We have reviewed all our data processing activities to ensure they comply with GDPR requirements. This includes:

  • Processing personal data lawfully, fairly, and in a transparent manner
  • Collecting personal data only for specified, explicit, and legitimate purposes
  • Ensuring personal data is adequate, relevant, and limited to what is necessary
  • Keeping personal data accurate and up to date
  • Storing personal data for no longer than necessary
  • Processing personal data securely to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage

4. Data Subject Rights

We respect and uphold the rights of data subjects under the GDPR, including:

  • Right to be informed: We provide clear and transparent information about how we use personal data.
  • Right of access: Data subjects can request access to their personal data.
  • Right to rectification: Data subjects can request that inaccurate personal data be corrected.
  • Right to erasure: Data subjects can request that their personal data be deleted.
  • Right to restrict processing: Data subjects can request that we limit the processing of their personal data.
  • Right to data portability: Data subjects can request to receive their personal data in a structured, commonly used, and machine-readable format.
  • Right to object: Data subjects can object to the processing of their personal data.
  • Rights related to automated decision making and profiling: Data subjects have rights related to automated decision making and profiling.

5. Consent

We have revised our consent mechanisms to ensure that we obtain explicit consent for the collection and processing of personal data where required. We also ensure that data subjects can withdraw their consent at any time.

6. Data Breaches

We have implemented procedures to detect, report, and investigate personal data breaches. In the event of a data breach that poses a risk to the rights and freedoms of data subjects, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to the rights and freedoms of data subjects, we will also notify the affected individuals without undue delay.

7. International Data Transfers

We ensure that any personal data transferred outside the EU is protected by appropriate safeguards, such as standard contractual clauses, binding corporate rules, or other mechanisms approved by the European Commission.

Your Rights Under GDPR

If you are a European resident, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:

  • Access: You can access much of your information by logging into your account. If you require additional access, you can contact us to request a copy of your information.
  • Rectify, Restrict, Delete: You can also rectify, restrict, or delete much of your information by logging into your account. If you cannot do this, please contact us.
  • Object: Where we process your information based on our legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
  • Portability: You can ask us to provide your personal information to you in a structured, commonly used, and machine-readable format.
  • Withdraw Consent: Where we process your information based on your consent, you have the right to withdraw that consent at any time.
  • Complain: You have the right to lodge a complaint with a data protection authority about our collection and use of your personal information.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights under GDPR, please contact our Data Protection Officer at [email protected].