GDPR Compliance

Last updated: April 3, 2023

General Data Protection Regulation (GDPR) Compliance

At Somai, we are committed to ensuring the privacy and protection of your personal data. This page outlines how we comply with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

Your Rights Under GDPR

The GDPR provides the following rights for individuals:

  • The right to be informed: You have the right to be informed about the collection and use of your personal data.
  • The right of access: You have the right to request a copy of the personal data we hold about you.
  • The right to rectification: You have the right to request that we correct any inaccurate personal data we hold about you.
  • The right to erasure: You have the right to request that we delete your personal data in certain circumstances.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • The right to data portability: You have the right to request that we transfer your personal data to another service provider.
  • The right to object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing.

How We Process Your Data

We collect and process your personal data only for the purposes that have been explicitly stated in our Privacy Policy. Your data is processed in a lawful, fair, and transparent manner. We do not collect or process more data than absolutely necessary for the purposes stated.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

Data Breach Notification

In the case of a personal data breach, we will notify the appropriate supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it. We will also notify affected users directly if the breach is likely to result in a high risk to their rights and freedoms.

International Data Transfers

If we transfer your personal data to third countries or international organizations, we ensure that such transfers are made in compliance with GDPR requirements, including ensuring that appropriate safeguards are in place.

Contact Us About GDPR

If you have any questions about our GDPR compliance or if you want to exercise any of your rights under GDPR, please contact our Data Protection Officer at info@infoskillstechnology.com.