This GDPR Policy sets out how we, XVAcademy, collect, process, store, and share personal data in compliance with the General Data Protection Regulation (GDPR) and any other applicable data protection legislation.

Definitions

For the purposes of this policy, the following definitions shall apply:

• “Data subject” means an identified or identifiable natural person whose personal data is processed by the controller.
• “Personal data” means any information relating to an identified or identifiable natural person.
• “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Policy Statement

We are committed to protecting the privacy of our customers, suppliers, and employees. We will only collect, process, store and share personal data where it is necessary to provide our services or where required by law.

Data Collection and Processing

We will only collect personal data that is necessary for the purposes for which it is collected. We will also ensure that personal data is processed fairly, lawfully, and transparently. Where necessary, we will obtain consent from data subjects before collecting and processing their personal data.

Data Storage

We will ensure that personal data is stored securely and protected against unauthorized or unlawful processing, accidental loss, destruction or damage. Personal data will only be stored for as long as necessary for the purposes for which it was collected.

Data Sharing

We will only share personal data with third parties where it is necessary to provide our services or where required by law. We will ensure that any third party that processes personal data on our behalf does so in compliance with the GDPR.

Data Subject Rights

Data subjects have the following rights in relation to their personal data:

• The right to access their personal data
• The right to rectify their personal data
• The right to erase their personal data
• The right to restrict processing of their personal data
• The right to object to the processing of their personal data
• The right to data portability

We will ensure that data subjects can exercise these rights easily and without undue delay.

Data Breaches

We will ensure that appropriate technical and organizational measures are in place to prevent personal data breaches. In the event of a personal data breach, we will take appropriate action to mitigate the risks and will report the breach to the relevant supervisory authority without undue delay.

Conclusion

We take our data protection obligations seriously and are committed to complying with the GDPR and any other applicable data protection legislation. If you have any questions about our GDPR Policy, please contact us.