Rezometry Privacy Policy

Introduction

Rezometry is committed to protecting the privacy and security of personal data entrusted to us by our clients, partners, employees, and other stakeholders. This privacy policy outlines our approach to complying with privacy policies and the General Data Protection Regulation (GDPR) and related data protection laws.

Scope

This policy applies to all personal data processed by Rezometry, regardless of the medium used for data processing.

Definitions

"Personal Data": Any information relating to an identified or identifiable natural person, as defined in Article 4 of the GDPR. "Data Subject": The identified or identifiable natural person to whom the personal data relates. "Processing": Any operation or set of operations performed on personal data, such as collection, recording, storage, adaptation, or disclosure.

Lawful Basis for Processing

Rezometry will only process personal data when one or more of the following lawful bases apply:

• The processing is necessary for the performance of a contract with the data subject or to take pre-contractual steps at the data subject's request.
• The processing is necessary for compliance with a legal obligation to which Rezometry is subject.
• The processing is necessary to protect the vital interests of the data subject or another natural person.
• The processing is necessary for the legitimate interests pursued by Rezometry or a third party, provided that such interests do not override the data subject's fundamental rights and freedoms.
• The data subject has provided explicit consent for specific processing purposes.

Data Collection and Processing

Rezometry will collect and process personal data only for specified, explicit, and legitimate purposes. Data collected will be adequate, relevant, and limited to what is necessary for the purposes of processing. Data will be kept accurate and up-to-date, and any inaccurate data will be rectified without undue delay.

Data Subject Rights

Rezometry acknowledges the following data subject rights and will facilitate their exercise:

• Right to access: Data subjects have the right to access their personal data and request information about the processing activities.
• Right to rectification: Data subjects can request the correction of inaccurate or incomplete data.
• Right to erasure: Data subjects have the right to request the deletion of their personal data in certain circumstances.
• Right to restriction of processing: Data subjects can request limitations on the processing of their data under specific conditions.
• Right to data portability: Data subjects can receive their personal data in a structured, commonly used, and machine-readable format and transfer it to another data controller.
• Right to object: Data subjects can object to the processing of their personal data based on specific grounds.

Data Security

Rezometry will implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:

• Regular data security risk assessments.
• Secure storage and transmission of data.
• Access controls and permissions to limit data access to authorized personnel.
• Data encryption where applicable.

Data Breach Notification

In the event of a data breach that poses a risk to the rights and freedoms of data subjects, Rezomery will notify the appropriate supervisory authority and affected individuals without undue delay, as required by the GDPR.

Data Processing Agreements (DPAs)

Rezometry will establish Data Processing Agreements with any third-party processors that handle personal data on behalf of the company, outlining their responsibilities and obligations in line with GDPR requirements.

Data Protection Officer (DPO)

Rezometry may appoint a Data Protection Officer (DPO) responsible for overseeing GDPR compliance. The DPO's contact information will be made available to data subjects and supervisory authorities.

Consent Management

If Rezometry relies on consent as a lawful basis for processing personal data, we will seek explicit and freely given consent from data subjects. Consent will be properly documented and can be withdrawn at any time.

Employee Training and Awareness

Rezometry will provide regular training and awareness programs for employees to ensure they understand their responsibilities and obligations regarding GDPR compliance.

Compliance Monitoring and Auditing

Rezometry will conduct regular compliance monitoring and internal audits to identify and address potential issues related to GDPR and data protection.

Updates and Revisions

Rezometry will review and update this GDPR policy periodically, and any revisions will be communicated to employees and other relevant stakeholders.