1. Introduction
Custom Brand Co Ltd ("we," "our," or "us") is committed to protecting the privacy and data rights of individuals, and we strive to comply with the General Data Protection Regulation (GDPR) to ensure the fair and lawful processing of personal data. This GDPR Compliance Policy outlines our data protection practices to protect the rights and privacy of individuals whose personal data we process.
2. Scope
This policy applies to all personal data collected, processed, and stored by Custom Brand Co Ltd during the course of our business operations. It covers data relating to employees, customers, suppliers, contractors, and any other individuals whose personal data we handle.
3. Principles of Data Protection
We adhere to the following principles when processing personal data in compliance with GDPR:
a. Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner to protect the rights of data subjects.
b. Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes, and it is not further processed in a manner incompatible with those purposes.
c. Data Minimization: We only collect and process personal data that is necessary and relevant for the purposes defined.
d. Accuracy: We strive to keep personal data accurate and up to date. Data subjects have the right to request corrections to their data.
e. Storage Limitation: Personal data is retained only for the time required to fulfill the purposes for which it was collected, or as required by law.
f. Integrity and Confidentiality: We implement appropriate security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
4. Lawful Basis for Processing
We identify and document the lawful basis for processing personal data as defined in Article 6 of the GDPR. The lawful bases include:
a. Consent: When individuals provide explicit consent for the processing of their personal data for specific purposes.
b. Contractual Necessity: When processing is necessary for the performance of a contract with the data subject.
c. Legal Obligation: When processing is necessary to comply with legal obligations.
d. Legitimate Interests: When processing is necessary for our legitimate interests or the legitimate interests of a third party.
5. Rights of Data Subjects
We recognize and uphold the rights of data subjects as defined in Chapter 3 of the GDPR. These rights include:
a. Right to Access: Data subjects have the right to request access to their personal data held by us.
b. Right to Rectification: Data subjects can request corrections to inaccurate or incomplete personal data.
c. Right to Erasure: Data subjects have the right to request the deletion of their personal data under specific circumstances.
d. Right to Restriction of Processing: Data subjects can request a restriction on the processing of their personal data under certain conditions.
e. Right to Data Portability: Data subjects can request to receive their personal data in a structured, commonly used, and machine-readable format.
f. Right to Object: Data subjects can object to the processing of their personal data for certain purposes, including direct marketing.
6. Data Security
We implement appropriate technical and organizational measures to ensure the security of personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:
a. Access Controls: Limiting access to personal data to authorized personnel only.
b. Data Encryption: Encrypting sensitive personal data to protect its confidentiality.
c. Data Breach Response: Establishing a data breach response plan to detect, assess, and report any data breaches as required by GDPR.
7. Data Transfers
We ensure that any transfer of personal data outside the European Economic Area (EEA) complies with the GDPR requirements. Adequate safeguards, such as Standard Contractual Clauses or Privacy Shield Frameworks, will be put in place.
8. Data Protection Officer (DPO)
We have appointed a Data Protection Officer responsible for overseeing our data protection activities and compliance with the GDPR. Data subjects can contact the DPO at DPO@Custombrandco.com.
9. Training and Awareness
We provide regular training to employees involved in processing personal data to ensure their understanding of GDPR requirements and data protection best practices.
10. GDPR Compliance Review
We conduct periodic reviews of our data processing activities to ensure ongoing compliance with GDPR and other applicable data protection laws.
11. Contact Information
If you have any questions or concerns about our GDPR compliance or wish to exercise your data rights, please contact us at: