top of page

GDPR Policy

Last Updated: January 2nd, 2024

1. Introduction

 

This GDPR Policy outlines how "Doula Lili,", complies with the General Data Protection Regulation (GDPR) regarding the processing of personal data.

2. Data Processing Principles

Personal data is processed lawfully, transparently, and for specified purposes. It is collected for legitimate reasons and not further processed in a manner incompatible with those purposes.

3. Legal Basis for Processing

Personal data is processed based on the legal bases outlined in the GDPR, such as the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest, or legitimate interests pursued by the data controller or a third party.

4. Data Subject Rights

Data subjects have the right to access, rectify, erase, restrict processing, object to processing, and portability of their personal data. These rights are facilitated in accordance with GDPR requirements.

5. Data Minimization

Only necessary personal data is collected and processed, and data storage durations are clearly communicated in our Privacy Policy.

6. Security Measures

Appropriate technical and organizational measures are implemented to ensure the security, confidentiality, and integrity of personal data. This includes encryption, access controls, and regular security assessments.

7. Lawful Processing of Sensitive Data

If sensitive data, such as health information, is processed, there is a lawful basis for such processing, and explicit consent is obtained from the data subject.

8. Third-Party Data Processing

When engaging with third-party service providers, we ensure compliance with GDPR requirements and suitable measures for protecting personal data. Details of third-party collaborations and their privacy policies are outlined in our Privacy Policy.

9. Data Protection Officer (DPO)

If applicable, the Data Protection Officer's contact information is provided in our Privacy Policy for data subjects to address inquiries related to data protection.

10. Data Breach Notification

In the event of a data breach, a prompt assessment of the risk to individuals is conducted, and if necessary, relevant supervisory authorities and affected data subjects are notified in accordance with GDPR requirements.

11. Review and Update

This GDPR Policy is periodically reviewed and updated to ensure ongoing compliance with data protection regulations.

bottom of page