Compliance Statement
Last Updated: 28-08-2024
1. Introduction
VEPANDO, a sole proprietorship registered in the Netherlands, is committed to protecting the privacy and personal data of our clients, partners, and website visitors. This GDPR Compliance Statement outlines how VEPANDO complies with the requirements of the European Union’s General Data Protection Regulation (GDPR).
2. Our Commitment
VEPANDO takes data protection seriously and has implemented the necessary technical and organizational measures to ensure GDPR compliance. We are dedicated to transparency in how we collect, use, and protect personal data.
3. Responsibility for Data Protection
While VEPANDO has not appointed a Data Protection Officer (DPO) at this time, we take our data protection responsibilities very seriously. For any data protection inquiries, users can contact us through our standard communication channels.
4. Data Subject Rights
VEPANDO respects and upholds the rights of data subjects under the GDPR. These rightsinclude:
• Right of Access
• Right to Rectification
• Right to Erasure ("Right to be Forgotten")
• Right to Restrict Processing
• Right to Data Portability
• Right to Object to Processing
Data subjects can exercise their rights by contacting VEPANDO via email at info@vepando.com. We aim to respond to all requests within 30 days.
5. International Data Transfers
VEPANDO may transfer personal data outside the European Economic Area (EEA), for example, to third parties such as Google when using Google Analytics. To ensure the protection of this data, VEPANDO utilizes Standard Contractual Clauses (SCCs) to provide adequate safeguards for these international transfers.
6. Data Retention
VEPANDO adheres to the following data retention periods for different categories of personal data:
• Contact Information: Retained for the duration of the client relationship and up to 2 years thereafter for marketing purposes, unless otherwise requested by the data subject.
• Billing Information: Retained for 7 years in accordance with tax obligations.
• User Interaction Data: Retained for up to 26 months for analytical purposes.
7. Data Collection and Use
VEPANDO collects and processes personal data for the following purposes:
• Delivering our AI and automation services
• Enhancing our services and customer support
• Complying with legal obligations
• Marketing and communication (with the consent of the data subject)
We only collect the data necessary for these purposes and process it in a fair and transparent manner.
8. Data Security
VEPANDO implements appropriate technical and organizational measures to ensure the security of personal data. These measures include, but are not limited to:
• Encryption of sensitive data
• Regular security audits
• Access controls and authentication procedures
• Employee training on data protection and security
9. Data Breaches
In the unlikely event of a data breach that poses a risk to the rights and freedoms of data subjects, VEPANDO will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Data subjects will be informed if the breach is likely to result in a high risk to their rights and freedoms.
10. Continuous Improvement
VEPANDO continually evaluates and improves its data protection practices to comply with the GDPR and other relevant legislation. We monitor legal developments closely and adjust our practices accordingly.
11. Contact
For any questions or comments about our GDPR Compliance Statement or our data protection practices, please contact:
VEPANDO
Email: info@vepando.com
Website: https://vepando.com