GDPR COMPLIANCE POLICY

Veccram, (“we,” “our,” or “us”) is committed to protecting the privacy and data of our users and customers. This GDPR Compliance Policy outlines our efforts to comply with the General Data Protection Regulation (GDPR) concerning the collection, processing, and protection of personal data.

1. Scope
This policy applies to all personal data collected and processed by Veccram, regardless of the user’s location.

2. Definitions
2.1. Personal Data: Any information relating to an identified or identifiable natural person, as defined in the GDPR.
2.2. Data Subject: An identifiable natural person who can be directly or indirectly identified from the personal data.
2.3. Processing: Any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or otherwise making available.

3. Principles of Data Protection
We adhere to the principles of data protection under the GDPR, which include:
3.1. Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and transparently.
3.2. Purpose limitation: Data is collected for specified, explicit, and legitimate purposes.
3.3. Data minimisation: We only collect data that is necessary for the purposes for which it is processed.
3.4. Accuracy: We ensure that personal data is accurate and up to date.
3.5. Storage limitation: Personal data is retained only for as long as necessary.
3.6. Integrity and confidentiality: We take appropriate security measures to protect personal data.

4. Data Collection and Processing
4.1. We collect and process personal data for specific purposes and only with the explicit consent of the data subject.
4.2. We maintain records of data processing activities, including data categories, purposes, retention periods, and third-party recipients, as required by GDPR.
4.3. We inform data subjects about the purpose and processing of their data and provide them with the opportunity to consent.

5. Data Transfers
Data transfers outside the EU are conducted in compliance with GDPR provisions. We ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), are in place when required.

6. Third-Party Processors
When engaging third-party processors, we conduct due diligence to ensure they meet GDPR compliance standards. Data processing agreements are established to govern these relationships.

7. Data Subject Rights
Data subjects have the following rights under the GDPR:
7.1. The right to be informed about the processing of their data. 7.2. The right to access their personal data.
7.3. The right to rectify inaccuracies in their personal data.
7.4. The right to erasure (the “right to be forgotten”).
7.5. The right to restrict processing.
7.6. The right to data portability.
7.7. The right to object to processing.
7.8. The right not to be subject to automated decision-making, including profiling.

8. Data Security
We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data.

9. Data Breach Notification
In the event of a data breach that is likely to result in a risk to the rights and freedoms of data subjects, we will notify the appropriate authorities and data subjects within 72 hours, as required by the GDPR.

10. Contact Information
For any questions or concerns regarding this GDPR Compliance Policy, please contact us at veccram@gmail.com.

11. Changes to this Policy
We may update this GDPR Compliance Policy from time to time. Any changes will be posted on our website, and the revised policy will indicate the effective date.

12. Additional Information
For more information on GDPR and data protection, you may refer to the official GDPR website (https://gdpr.eu/).

13. Governing Law
This GDPR Compliance Policy is governed by and shall be construed in accordance with the laws of the State of California, the United States.