Data Protection Policy

1. Purpose and Scope

This Data Protection Policy outlines the principles and procedures governing the collection, processing, and protection of personal data by G23LAB. It applies to all employees, contractors, and third parties who process personal data on behalf of the organization.

2. Data Protection Principles

G23LAB adheres to the following data protection principles:

• Lawfulness, fairness, and transparency

• Purpose limitation

• Data minimization

• Accuracy

• Storage limitation

• Integrity and confidentiality

3. Legal Basis for Processing

Personal data will only be processed when there is a legal basis for doing so, such as consent, contract performance, legal obligation, vital interests, public task, or legitimate interests.

4. Types of Personal Data Processed

G23LAB may process the following categories of personal data:

• Contact information

• Employment details

• Financial information

5. Data Subjects' Rights

Individuals have the right to:

• Access their personal data

• Rectify inaccuracies

• Erase personal data

• Object to processing

• Restrict processing

• Data portability

6. Data Security Measures

G23LAB implements appropriate technical and organizational measures to ensure the security of personal data, including encryption, access controls, and regular security assessments.

7. Data Breach Response

In the event of a data breach, G23LAB will promptly assess the incident, notify the relevant authorities, and communicate with affected individuals as required by law.

8. Data Sharing and Third-Party Processing

Personal data may be shared with third parties only when necessary for the fulfillment of a legitimate purpose, and data processing agreements are established to ensure compliance with data protection standards.

9. Data Retention and Disposal

Personal data will be retained for the period necessary to fulfill the purposes for which it was collected. Data will be securely disposed of when it is no longer needed.

10. Data Protection Officer (DPO)

G23LAB has appointed a Data Protection Officer responsible for ensuring compliance with data protection laws and facilitating communication with data subjects and supervisory authorities.

11. Staff Training and Awareness

All employees are trained on data protection principles and practices, and awareness is promoted through regular communications.

12. Compliance with Applicable Laws

G23LAB is committed to complying with all relevant data protection laws and regulations.

13. Review and Updates

This Data Protection Policy will be regularly reviewed and updated to ensure ongoing compliance with legal requirements and organizational needs.