GDPR Compliance Statement
CrossTrades OBL Limited is committed
to ensuring the security and protection
of the personal
information that we process, and to
provide a compliant and consistent
approach to data protection.
We have
created this GDPR Compliance Statement
to explain our approach to implementing
our GDPR
compliance program. It
describes the implementation of our data
protection roles, policies, procedures,
controls and measures to ensure ongoing
compliance with GDPR.
Our GDPR
Principles
CrossTrades OBL Limited
takes the privacy and security of
individuals and their personal
information
very seriously. Our
principles for processing personal
information are:
•
We will process
all personal information fairly and
lawfully
•
We will only process
personal information for specified and
lawful purposes
•
Where practical, we
will keep personal information up to
date
•
We will not keep personal
information for longer than is necessary
Data Subjects Rights under GDPR
At
CrossTrades OBL Limited, an individual
can request information about:
•
What
personal information we hold about an
individual
•
The categories of
personal information we collect from an
individual
•
The purposes for
collecting and processing personal
information from an individual
•
How
long we plan to keep the personal
information
•
The process to have
incomplete or inaccurate personal
information corrected or completed
•
Where applicable, the process for
requesting erasure of the personal
information or for
restricting the
processing of personal information in
accordance with data protection laws, as
well as
to object to any direct
marketing from us
•
About any
automated decision-making that we use
Our GDPR compliance plan
Here’s an
overview of our steps that we are taking
to ensure compliance with GDPR at
CrossTrades OBL
Limited:
•
We
conducted a data mapping inventory and
analysis of collected personal
information in our
systems and
records
•
We have established
procedures and policies to restrict
processing of personal information
•
We have updated our procedures for data
breaches and incident responses
•
We
have updated our company’s Data
Protection Policy, Data Retention
Policy, Information
Security Policy,
Cookies Policy and Privacy Policy
•
We have reviewed all processing
activities to identify the legal basis
for processing personal
information
and to ensure that each basis is
appropriate for the activity it relates
to.