1. INTRODUCTION TO THIS GDPR POLICY
This GDPR policy ensures Assignment.ca: –
- Complies with data protection law and follows good practice
- Protects the rights of staff, clients and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from data protection risks such as breaches of confidentiality, failure to offer choice and reputational damage
2. PRINCIPLES OF GDPR
Under the GDPR, the data protection principles set out the main responsibilities for Assignment.ca. Article 5 of the GDPR requires that personal data shall be: (a) Processed lawfully, fairly and in a transparent manner in relation to individuals; (b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; (d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; (e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
3. LAWFULNESS OF PROCESSING CONDITIONS
Under the GDPR, there is requirement to have a valid lawful basis in order to process personal data. There are six available lawful bases for processing set out in Article 6 of the GDPR:- (a) Consent: the data subject has given clear unambiguous consent for their personal data to be processed for a specific purpose (b) Contract: processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract (c) Legal obligation: processing is necessary for compliance with a legal obligation (d) Vital interests: processing is necessary to protect the vital interests of a data subject or another individual (e) Public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (f) Legitimate interests: processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
4. YOUR RIGHTS UNDER THE GDPR
The GDPR provides the following rights for individuals: –
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Receipt of this GDPR Policy by you shall constitute acceptance of and agreement to all of the terms contained herein.