GENERAL DATA PROTECTION REGULATION (GDPR) STATEMENT OF PARADOX GUITARS
On 25 May 2018, the European Regulation 2016/679 (General Data Protection Regulation or GDPR) came into force, concerning the protection of individuals with regard to the processing of personal data and the free circulation of such data, which repealed the EC Directive 95/46 and had a significant impact on Legislative Decree 196/2003 (Personal Data Protection Code). It's an invaluable tool for data protection and security, and more specifically, it aims to help consumers like you make more informed choices and stay in control of this sensitive information even after sharing it with trusted companies.
Paradox Guitars takes the security and privacy of your personal and business data seriously and we have worked with care and passion to be in line with these new requirements.
Paradox Guitars is dedicated to safeguarding the personal information under our remit and to developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for, the new Regulation.
Information Audit - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed, and if and to whom it is disclosed.
Policies & Procedures - revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities, with a dedicated focus on privacy by design and the rights of individuals.
Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the 'data minimization' and 'storage limitation' principles and that personal information is stored, archived, and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new 'Right to Erasure' obligation and are aware of when this and other data subjects' rights apply, along with any exemptions, response timeframes, and notification responsibilities.
Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate, and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
Privacy Notice/Policy - we revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, whom the information is disclosed to and what safeguarding measures are in place to protect their information.
Obtaining Consent - we revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it, and giving clear, defined ways to consent to us processing their information.
Data Protection Impact Assessments (DPIA) - where we process personal information that is considered high risk, involves large-scale processing, or includes special category/criminal conviction data, we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR's Article 35 requirements.
Please contact us if you have any questions, require more information about our GDPR compliance, or have any requests related to your personal data.
This GDPR Statement was last updated in August 2023.