1. Introduction
This GDPR Policy explains how 20 Hour Work Week (“we,” “our,” or “us”) complies with the General Data Protection Regulation (GDPR) in relation to the processing of personal data of individuals in the European Union (EU) and European Economic Area (EEA).
2. Data Controller
For the purposes of the GDPR, we are the data controller of personal data collected through our website [Your Website URL].
3. Legal Basis for Processing
We process personal data on the following legal bases:
- Consent: We collect and process your personal data when you have given us specific consent, such as when you subscribe to our newsletter.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract: When you use our services, we process your personal data to perform our obligations under that contract.
- Legal Obligations: We may process your data to comply with our legal obligations.
4. Your Rights Under GDPR
Under the GDPR, you have the following rights:
- Right to Access: You have the right to request copies of your personal data.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
- Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Object: You have the right to object to our processing of your personal data, under certain conditions.
- Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
5. Data Retention
We will retain your personal data only for as long as is necessary for the purposes set out in our Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.
6. Data Protection Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Regular testing of security measures
- Pseudonymization and anonymization of data where possible
- Staff training on data protection and security
7. International Data Transfers
If we transfer your personal data outside the EU/EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
8. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
9. Data Protection Officer
We have not appointed a Data Protection Officer as we do not meet the criteria requiring such an appointment. However, for any GDPR-related queries, please contact us.
10. Changes to This GDPR Policy
We may update our GDPR Policy from time to time.
11. How to Contact Us
If you have any questions about this GDPR Policy or would like to exercise your data protection rights, please contact us.