Last updated: 28/02/2024
1. Introduction
This GDPR Compliance Policy (“Policy”) outlines the measures and procedures adopted by JDC Online Projects (“we,” “our,” or “us”) to ensure compliance with the General Data Protection Regulation (GDPR).
2. Scope and Applicability
This Policy applies to all personal data processed by JDC Online Projects, including data collected from users, customers, employees, and other individuals.
3. Data Protection Officer
JDC Online Projects has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the GDPR. You can contact the DPO at james@jamescoffey.me.
4. Data Processing Principles
We adhere to the following GDPR data processing principles:
4.1 Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and transparently, ensuring that individuals are informed about the processing of their data.
4.2 Purpose Limitation
We collect and process personal data for specified, explicit, and legitimate purposes. Any additional processing will require consent or be compatible with the original purpose.
4.3 Data Minimization
We only collect and process the personal data that is necessary for the intended purpose.
4.4 Accuracy
We take reasonable steps to ensure the accuracy of personal data and rectify or erase inaccurate data without undue delay.
4.5 Storage Limitation
We store personal data for no longer than necessary for the intended purpose, and we have established retention periods for different types of data.
4.6 Integrity and Confidentiality
We implement appropriate security measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.
5. Data Subject Rights
We respect the rights of data subjects under the GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Data subjects can exercise their rights by contacting us at james@jamescoffey.me.
6. Data Breach Response
In the event of a data breach, we have established procedures to identify, assess, and report breaches to the relevant supervisory authority and affected data subjects, where required.
7. International Data Transfers
When transferring personal data outside the European Economic Area (EEA), we ensure compliance with GDPR requirements, including the use of standard contractual clauses or other lawful mechanisms.
8. Data Protection Impact Assessments (DPIAs)
We conduct DPIAs for high-risk data processing activities to assess and mitigate potential risks to data subjects’ rights and freedoms.
9. Data Processing Records
We maintain detailed records of our data processing activities, including purposes, categories of data subjects, and recipients of personal data.
10. Privacy by Design and Default
We implement privacy by design and default principles, considering data protection from the outset of system and product development.
11. Updates to this Policy
This Policy is subject to periodic review and may be updated to reflect changes in our data processing activities or legal requirements. The “Last updated” date at the top of this page indicates the latest revision.
12. Contact Us
If you have any questions or concerns about our GDPR compliance, please contact us at james@jamescoffey.me.