Compliance Statement

Last Updated: 28-08-2024

1. Introduction

VEPANDO, a sole proprietorship registered in the Netherlands, is committed to protecting the privacy and personal data of our clients, partners, and website visitors. This GDPR Compliance Statement outlines how VEPANDO complies with the requirements of the European Union’s General Data Protection Regulation (GDPR).

2. Our Commitment

VEPANDO takes data protection seriously and has implemented the necessary technical and organizational measures to ensure GDPR compliance. We are dedicated to transparency in how we collect, use, and protect personal data.

3. Responsibility for Data Protection

While VEPANDO has not appointed a Data Protection Officer (DPO) at this time, we take our data protection responsibilities very seriously. For any data protection inquiries, users can contact us through our standard communication channels.

4. Data Subject Rights

VEPANDO respects and upholds the rights of data subjects under the GDPR. These rightsinclude:

• Right of Access

• Right to Rectification

• Right to Erasure ("Right to be Forgotten")

• Right to Restrict Processing

• Right to Data Portability

• Right to Object to Processing

Data subjects can exercise their rights by contacting VEPANDO via email at info@vepando.com. We aim to respond to all requests within 30 days.

5. International Data Transfers

VEPANDO may transfer personal data outside the European Economic Area (EEA), for example, to third parties such as Google when using Google Analytics. To ensure the protection of this data, VEPANDO utilizes Standard Contractual Clauses (SCCs) to provide adequate safeguards for these international transfers.

6. Data Retention

VEPANDO adheres to the following data retention periods for different categories of personal data:

• Contact Information: Retained for the duration of the client relationship and up to 2 years thereafter for marketing purposes, unless otherwise requested by the data subject.

• Billing Information: Retained for 7 years in accordance with tax obligations.

• User Interaction Data: Retained for up to 26 months for analytical purposes.

7. Data Collection and Use

VEPANDO collects and processes personal data for the following purposes:

• Delivering our AI and automation services

• Enhancing our services and customer support

• Complying with legal obligations

• Marketing and communication (with the consent of the data subject)

We only collect the data necessary for these purposes and process it in a fair and transparent manner.

8. Data Security

VEPANDO implements appropriate technical and organizational measures to ensure the security of personal data. These measures include, but are not limited to:

• Encryption of sensitive data

• Regular security audits

• Access controls and authentication procedures

• Employee training on data protection and security

9. Data Breaches

In the unlikely event of a data breach that poses a risk to the rights and freedoms of data subjects, VEPANDO will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Data subjects will be informed if the breach is likely to result in a high risk to their rights and freedoms.

10. Continuous Improvement

VEPANDO continually evaluates and improves its data protection practices to comply with the GDPR and other relevant legislation. We monitor legal developments closely and adjust our practices accordingly.

11. Contact

For any questions or comments about our GDPR Compliance Statement or our data protection practices, please contact:

VEPANDO
Email: info@vepando.com
Website: https://vepando.com