GDPR | Paradox Guitars | How We Protect Your Information

GDPR

GENERAL DATA PROTECTION REGULATION (GDPR) STATEMENT OF PARADOX GUITARS

On 25 May 2018, the European Regulation 2016/679 (General Data Protection Regulation or GDPR) came into force, concerning the protection of individuals with regard to the processing of personal data and the free circulation of such data, which repealed the EC Directive 95/46 and had a significant impact on Legislative Decree 196/2003 (Personal Data Protection Code). It's an invaluable tool for data protection and security, and more specifically, it aims to help consumers like you make more informed choices and stay in control of this sensitive information even after sharing it with trusted companies.

Paradox Guitars takes the security and privacy of your personal and business data seriously and we have worked with care and passion to be in line with these new requirements.

You can locate and read the updated PRIVACY POLICY relating to the processing of your data. Personal data is defined as any information that identifies a natural person and that can provide details about his characteristics, habits, lifestyle, personal relationships, state of health, or economic situation. Any use or operation, manual or performed using an electronic instrument, on personal data, is defined as treatment. In the significant volume of personal data that is processed, identification data belonging to particular categories and judicial ones are particularly important.

Paradox Guitars is dedicated to safeguarding the personal information under our remit and to developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for, the new Regulation.

  1. Information Audit - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed, and if and to whom it is disclosed.

  2. Policies & Procedures - revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:

  • Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities, with a dedicated focus on privacy by design and the rights of individuals.

  • Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the 'data minimization' and 'storage limitation' principles and that personal information is stored, archived, and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new 'Right to Erasure' obligation and are aware of when this and other data subjects' rights apply, along with any exemptions, response timeframes, and notification responsibilities.

  • Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate, and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.

  3. Privacy Notice/Policy - we revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, whom the information is disclosed to, and what safeguarding measures are in place to protect their information.

  4. Obtaining Consent - we revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it, and giving clear, defined ways to consent to us processing their information.

  5. Data Protection Impact Assessments (DPIA) - where we process personal information that is considered high risk, involves large-scale processing, or includes special category/criminal conviction data, we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR's Article 35 requirements.

Please contact us if you have any questions, require more information about our GDPR compliance, or have any requests related to your personal data.

This GDPR Statement was last updated in August 2023.
