GDPR Compliance

MiniRec is committed to ensuring the privacy and protection of your data. This page outlines our approach to GDPR (General Data Protection Regulation) compliance and explains how we implement its principles throughout our platform.

Our Commitment

We are dedicated to upholding the principles of GDPR, ensuring that all personal data we process is handled securely, transparently, and with respect for individual privacy rights. Our compliance approach focuses on data minimization, purpose limitation, and user empowerment.

Legal Basis for Processing

MiniRec processes personal data based on one or more of the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes.
• Contract: Processing is necessary for the performance of a contract with you.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party (unless there is a good reason to protect your personal data which overrides those legitimate interests).
• Legal Obligation: Processing is necessary for compliance with a legal obligation.

Data Subject Rights

Under GDPR, you have several rights regarding your personal data, including:

• Right to Access: You can request a copy of your personal data.
• Right to Rectification: You can request correction of inaccurate personal data.
• Right to Erasure: You can request deletion of your personal data in certain circumstances.
• Right to Restrict Processing: You can request the restriction of processing of your personal data.
• Right to Data Portability: You can request the transfer of your personal data to another controller.
• Right to Object: You can object to the processing of your personal data in certain circumstances.
• Right to Not Be Subject to Automated Decision-Making: You can request human intervention in automated decision-making processes.

To exercise any of these rights, please contact our Data Protection Officer at dpo@minirecc.com.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data during transmission and at rest
• Regular testing and evaluation of technical and organizational measures
• Access controls and authentication procedures
• Data backup and recovery protocols
• Regular staff training on data protection
• Documented data protection policies and procedures

International Data Transfers

If we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Binding corporate rules for transfers within a corporate group
• Adequacy decisions by the European Commission

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation. You can contact our DPO at dpo@minirecc.com.

Updates to This Policy

We may update this GDPR Compliance document from time to time to reflect changes in our practices or regulatory requirements. We will notify you of any significant changes by posting a notice on our website.