Last Updated: January 2nd, 2024
This GDPR Policy outlines how "Doula Lili,", complies with the General Data Protection Regulation (GDPR) regarding the processing of personal data.
2. Data Processing Principles
Personal data is processed lawfully, transparently, and for specified purposes. It is collected for legitimate reasons and not further processed in a manner incompatible with those purposes.
3. Legal Basis for Processing
Personal data is processed based on the legal bases outlined in the GDPR, such as the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest, or legitimate interests pursued by the data controller or a third party.
4. Data Subject Rights
Data subjects have the right to access, rectify, erase, restrict processing, object to processing, and portability of their personal data. These rights are facilitated in accordance with GDPR requirements.
5. Data Minimization
6. Security Measures
Appropriate technical and organizational measures are implemented to ensure the security, confidentiality, and integrity of personal data. This includes encryption, access controls, and regular security assessments.
7. Lawful Processing of Sensitive Data
If sensitive data, such as health information, is processed, there is a lawful basis for such processing, and explicit consent is obtained from the data subject.
8. Third-Party Data Processing
9. Data Protection Officer (DPO)
10. Data Breach Notification
In the event of a data breach, a prompt assessment of the risk to individuals is conducted, and if necessary, relevant supervisory authorities and affected data subjects are notified in accordance with GDPR requirements.
11. Review and Update
This GDPR Policy is periodically reviewed and updated to ensure ongoing compliance with data protection regulations.