GDPR POLICY
Effective Date: 01/01/2023
1. Introduction
Hi-Tech Investment ("the Company") is committed to protecting the privacy and personal data of individuals and complying with the General Data Protection Regulation (GDPR) and any applicable data protection laws. This GDPR Policy outlines our approach to data protection and our commitment to ensuring the privacy and security of personal data collected, used, processed, and stored by the Company.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of Hi-Tech Investment. It covers all personal data collected and processed by the Company, regardless of the format or medium in which it is stored.
3. Definitions
a. Personal Data: Any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.
b. Data Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data.
c. Data Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.
4. Principles for Processing Personal Data
a. Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and in a transparent manner. Individuals must be provided with clear information about the purposes and legal basis for processing their personal data.
b. Purpose Limitation: Personal data should only be collected for specified, explicit, and legitimate purposes. It should not be further processed in a manner incompatible with those purposes.
c. Data Minimization: The Company shall only collect and process personal data that is adequate, relevant, and limited to what is necessary for the intended purposes.
d. Accuracy: Personal data must be accurate, and where necessary, kept up to date. Reasonable steps should be taken to ensure that inaccurate or incomplete data is rectified or erased.
e. Storage Limitation: Personal data should be stored for no longer than necessary for the purposes it was collected. Retention periods should be determined based on legal, regulatory, and business requirements.
f. Integrity and Confidentiality: Appropriate technical and organizational measures shall be implemented to ensure the security and confidentiality of personal data.
g. Accountability: The Company is responsible for demonstrating compliance with the principles and requirements of the GDPR. Records of processing activities and other necessary documentation shall be maintained.
5. Lawful Basis for Processing Personal Data
The Company shall ensure that personal data is processed lawfully, based on one or more of the lawful bases specified in Article 6 of the GDPR, such as the data subject's consent, the necessity for the performance of a contract, compliance with a legal obligation, protection of vital interests, performance of a task carried out in the public interest or in the exercise of official authority, or legitimate interests pursued by the data controller or a third party.
6. Data Subject Rights
a. Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data.
b. Right of Access: Individuals have the right to request access to their personal data and to obtain information about how it is processed.
c. Right to Rectification: Individuals have the right to request the correction of inaccurate or incomplete personal data.
d. Right to Erasure: Individuals have the right to request the deletion or removal of their personal data in certain circumstances.
e. Right to Restrict Processing: Individuals have the right to request the restriction or suppression of their personal data in certain situations.
f. Right to Data Portability: Individuals have the right to obtain and reuse their personal data for their own purposes across different services.