GDPR (General Data Protection Regulation) Policy Effective Date: June 01, 2023 1. Introduction This GDPR Policy outlines the procedures and guidelines that randy.ph ("we," "us," or "our") follows to ensure compliance with the General Data Protection Regulation (GDPR) to protect the privacy and rights of individuals whose personal data we collect and process. This policy applies to all employees, contractors, partners, and third parties acting on behalf of randy.ph. 2. Data Controller and Data Protection Officer randy.ph acts as the data controller for the personal data it collects and processes. The designated Data Protection Officer (DPO) is Randy R., who can be reached at randy@randy.ph for any inquiries related to data protection and privacy. 3. Data Collection and Processing 3.1 Lawful Basis for Processing: We only process personal data when there is a lawful basis to do so, including but not limited to consent, contractual necessity, legal obligations, vital interests, legitimate interests, and the performance of a task carried out in the public interest or in the exercise of official authority. 3.2 Data Minimization: We only collect and process personal data that is necessary for the purpose for which it was collected. We strive to minimize the amount of personal data collected and processed. 3.3 Purpose Limitation: Personal data is collected and processed for specific, explicit, and legitimate purposes. Data is not processed in a manner incompatible with these purposes. 3.4 Transparency: Individuals are provided with clear and concise information about the processing of their personal data, including the purposes, legal basis, data retention period, and their rights. 4. Individual Rights 4.1 Right to Access: Individuals have the right to request access to their personal data held by us. We will provide a copy of the data in a commonly used electronic format. 4.2 Right to Rectification: Individuals can request the correction of inaccurate or incomplete personal data. 4.3 Right to Erasure (Right to be Forgotten): Individuals have the right to request the deletion of their personal data under certain circumstances. 4.4 Right to Restriction of Processing: Individuals can request that the processing of their personal data be restricted in specific situations. 4.5 Right to Data Portability: Individuals can request their personal data to be provided in a structured, machine-readable format for transfer to another data controller. 4.6 Right to Object: Individuals can object to the processing of their personal data based on legitimate interests or direct marketing. 5. Data Security We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data. This includes encryption, access controls, regular security assessments, and staff training. 6. Data Breach Notification In the event of a personal data breach, we will notify the appropriate supervisory authority and affected individuals within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. 7. International Data Transfers Any international transfers of personal data will be carried out in compliance with applicable data protection laws and using mechanisms such as Standard Contractual Clauses or other approved safeguards. 8. Data Retention Personal data will be retained for no longer than necessary to fulfill the purposes for which it was collected, and in accordance with applicable legal requirements. 9. Third Parties We ensure that any third parties processing personal data on our behalf do so in compliance with GDPR and our data protection standards. 10. Review and Updates This policy will be reviewed and updated regularly to ensure ongoing compliance with GDPR and any relevant changes in data protection laws. 11. Contact Information For any questions or concerns regarding this GDPR Policy or our data processing practices, please contact our Data Protection Officer at randy@randy.ph. randy.ph Pasig, Philippines 1600 https://www.randy.ph/ randy@randy.ph