GDPR Compliance
Learn how MATTEALE complies with the General Data Protection Regulation (GDPR) and protects your personal data.
Last Updated: March 2026
1. OUR COMMITMENT TO GDPR
MATTEALE Consulting & Services is committed to ensuring the security and protection of the personal information that we process. We have implemented comprehensive data protection policies, procedures, and controls to ensure compliance with the General Data Protection Regulation (GDPR).
2. DATA CONTROLLER INFORMATION
MATTEALE Consulting & Services acts as a Data Controller for the personal data we collect from our clients, website visitors, and business contacts.
Contact Details:
- Data Protection Officer: privacy@matteale.com
- Address: [Your Business Address]
- Phone: [Your Phone Number]
3. LAWFUL BASIS FOR PROCESSING
We process personal data under the following lawful bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
- Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Where processing is necessary for compliance with a legal obligation.
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided your rights don't override these interests.
4. YOUR RIGHTS UNDER GDPR
As a data subject, you have the following rights:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request correction of inaccurate or incomplete data.
- Right to Erasure: You can request deletion of your personal data in certain circumstances.
- Right to Restrict Processing: You can request that we limit how we use your data.
- Right to Data Portability: You can request your data in a structured, machine-readable format.
- Right to Object: You can object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent.
5. DATA SECURITY MEASURES
We implement appropriate technical and organizational measures to ensure data security:
- Encryption of personal data in transit and at rest
- Regular security assessments and penetration testing
- Access controls based on the principle of least privilege
- Employee training on data protection and security
- Incident response procedures
- Regular backup and disaster recovery testing
6. DATA RETENTION
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods are documented in our data retention policy.
7. INTERNATIONAL DATA TRANSFERS
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-group transfers
8. DATA BREACH PROCEDURES
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours where required
- Notify affected individuals without undue delay where the breach is likely to result in high risk to their rights
- Document all breaches and our response
9. DATA PROTECTION IMPACT ASSESSMENTS
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms.
10. THIRD-PARTY PROCESSORS
We carefully select third-party processors and ensure they provide sufficient guarantees regarding GDPR compliance. All processors are bound by data processing agreements.
11. COOKIES AND TRACKING
For information about our use of cookies and similar technologies, please see our Cookie Policy.
12. CHILDREN'S DATA
Our services are not directed at children under 16. We do not knowingly collect personal data from children.
13. UPDATES TO THIS NOTICE
We may update this GDPR compliance notice from time to time. We will notify you of any material changes.
14. EXERCISING YOUR RIGHTS
To exercise any of your rights, please contact us at:
Email: privacy@matteale.com
We will respond to your request within one month. In complex cases, we may extend this by two months, but we will inform you of any extension.
15. COMPLAINTS
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority.