Contents

1 Introduction

1.1 Purpose of the Policy

1.2 Scope of Applicability

2 Data Collection

2.1 Types of Data Collected

2.2 User-Generated Content

2.3 Methods of Data Collection

3 Use of Collected Data

3.1 Purposes of Data Processing

3.2 Legal Basis for Processing

4 Data Sharing and Disclosure

4.1 Third-Party Sharing

4.2 Legal Requirements for Disclosure

5 Data Security Measure

5.1 Security Protocols

5.2 Data Breach Response Plan

6 User Rights and Control

6.1 Access to Personal Data

6.2 Correction and Deletion of Data

6.3 Data Portability

7 Cookies and Tacking Technologies

7.1 Use of Cookies

7.2 Managing Cookies Preferences

8 Data Retention and Deletion

8.1 Retention Periods

8.2 Procedures for Data Deletion

9 International Data Transfers

9.1 Cross-Border Data Transfer Mechanisms

9.2 Safeguards for International Transfers

10 Policy Updates and Amendments

10.1 Notification of Changes

10.2 Effective Dates

11 Contact Information

11.1 Queries and Complaints

11.2 Data Protection Officer Contact Details

12 Legal Compliance and Governance

12.1 Compliance with GDPR and Other Regulations

12.2 Oversight and Governance Mechanisms

 

1           Introduction

1.1          Purpose of the Policy

1. Commitment to Privacy: This policy outlines DigiZauber's commitment to protecting the privacy and security of personal data collected from customers, partners, and other stakeholders. It serves as a testament to our dedication to upholding high standards of privacy and data protection.
2. Transparency in Data Handling: The primary purpose of this policy is to provide transparency about how DigiZauber collects, uses, stores, and protects personal data. We aim to inform individuals about their rights concerning their data and our obligations as a data controller.
3. Trust and Compliance: This policy is designed to build trust with our customers and partners by demonstrating compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other regional data protection regulations.

1.2          Scope of Applicability

1. Who is Covered: The policy applies to all individuals whose personal data is processed by DigiZauber. This includes customers who purchase our products or services, users of our website, employees, contractors, and other stakeholders.
2. Types of Data Covered: It encompasses all forms of personal data, including but not limited to names, addresses, email addresses, phone numbers, transaction history, website usage data, and any other information that can be used to identify an individual either directly or indirectly.
3. Applicability Across Platforms: The policy is applicable to all platforms and channels through which DigiZauber operates. This includes our website, mobile applications, social media pages, and any other digital or physical platforms where personal data is collected.
4. Inclusion in Contracts and Agreements: The policy forms an integral part of the terms and conditions of using DigiZauber's services and products. Acceptance of this policy is mandatory for the utilization of our services.
5. Global Consideration: While primarily focused on compliance with GDPR, the policy also takes into account other global data protection laws, ensuring a comprehensive approach to data privacy and protection.

2           Data Collection

2.1          Types of Data Collected

1. Personal Identification Information:

-          Includes basic personal details such as name, address, email address, telephone number, and date of birth. This information is typically collected during account creation, purchase processes, or service registrations.

2. Transactional Data:

-          Encompasses details of transactions made with DigiZauber, like purchase history, payment information (excluding sensitive financial details like credit card numbers), and service usage data.

3. Technical and Usage Data:

-          Refers to information about how customers interact with DigiZauber’s website and services, including IP addresses, browser types, operating system details, page view statistics, and usage patterns.

2.2          User-Generated Content

1. User Content Ownership:

-          Content created and uploaded by users to DigiZauber’s platform remains the intellectual property of the respective users. However, by posting content on DigiZauber’s platform, users grant DigiZauber a non-exclusive, worldwide, royalty-free license to use, reproduce, modify, publish, translate, create derivative works from, distribute, and display such content.

2. Responsibility for User Content:

-          Users are solely responsible for their content submissions, including ensuring they have all necessary rights and permissions. Users must ensure that their content does not infringe upon the rights of any third party or violate any laws.

3. Moderation and Removal Rights:

-          DigiZauber reserves the right to monitor, edit, or remove any content that is available on its platform if the content is found to be in violation of this policy, any laws, or the rights of others.

4. Communication Data:

-          Covers information shared in communications with DigiZauber, such as customer service interactions, feedback, and responses to surveys or questionnaires.

5. Marketing and Preference Data:

-          Includes customer preferences in receiving marketing communications from DigiZauber, as well as responses to promotional activities.

6. Employment-Related Data (if applicable):

-          For potential or current employees and contractors, data related to employment applications, CVs, background checks, and employment history.

7. Data from POS System Users:

-          When businesses or stores use DigiZauber’s POS systems, we might collect data that they process through our systems. This includes sales transactions, customer information managed by these businesses, and operational data from the POS system usage.

8. Consent and Compliance in Data Sharing:

-          DigiZauber ensures that any collection of data through POS systems adheres to appropriate data protection laws. We require businesses using our systems to have obtained necessary consent from their customers for any data shared with us.

9. Use of Aggregated Data:

-          Often, data from POS systems may be aggregated or anonymized for analysis purposes, helping improve system functionalities and customer insights without compromising individual data privacy.

2.3          Methods of Data Collection

1. Direct Interactions:

-          Data is collected when individuals provide it directly to DigiZauber, such as when they register for a service, make a purchase, fill out forms on our website, or communicate with us through email, phone, or in-person.

2. Automated Technologies and Interactions:

-          When individuals interact with our website or use our services, we automatically collect certain technical data about their equipment and browsing actions. This is done through cookies and other similar technologies.

3. Third-Party Sources:

-          DigiZauber may receive personal data from various third parties, including analytics providers, marketing partners, and publicly available sources.

4. Employment Processes:

-          Data is collected through employment applications, either directly from candidates or through employment agencies.

5. Customer Feedback and Surveys:

-          Additional personal data might be collected when individuals voluntarily provide feedback or participate in surveys.

6. Data Collection from POS Systems:

-          Data from POS systems is collected in real-time as transactions occur. This process is automated and adheres to stringent data security standards to ensure the integrity and confidentiality of the information.

7. Collaboration with Business Partners:

-          DigiZauber collaborates with businesses using our POS systems to ensure data collection complies with our privacy policy and legal obligations. This includes agreements and guidelines on data handling and sharing.

8. Data Integration from External Systems:

-          For businesses integrating their systems with DigiZauber’s POS solutions, we establish protocols to ensure seamless and secure data transfer, respecting the privacy and consent frameworks they have with their customers.

3           Use of Collected Data

3.1          Purposes of Data Processing

1. Customer Account Management:

-          Personal identification information is used to create and manage customer accounts, enabling access to DigiZauber's products and services.

2. Transactional Processing:

-          Transactional data is necessary for processing orders, managing payments, and providing the products or services requested by our customers.

3. Technical and Website Functionality:

-          Technical and usage data facilitate website functionality, improve user experience, and ensure the security and efficient operation of our digital platforms.

4. Customer Support and Communication:

-          Communication data helps in responding to customer queries, providing support, and maintaining an ongoing customer relationship.

5. Marketing and Promotional Activities:

-          Marketing and preference data are used to tailor and deliver targeted marketing campaigns and promotional offers to customers, based on their preferences and interests.

6. POS System Data Usage:

-          Data collected from POS systems are used for transactional analysis, system performance optimization, and providing customized reports to the businesses using our systems.

7. Employment-Related Decisions:

-          For potential or current employees, employment-related data is used for recruitment, HR processes, and employment decisions.

3.2          Legal Basis for Processing

1. Consent:

-          In cases where consent is required, such as certain marketing activities, DigiZauber ensures that clear, informed consent is obtained from individuals before processing their data.

2. Contractual Necessity:

-          Processing of personal data necessary for the fulfillment of a contract with the individual, such as transactional processing and account management, is based on the contractual necessity.

3. Legal Obligations:

-          Certain data processing activities might be necessary for compliance with legal obligations, such as tax laws and other regulatory requirements.

4. Legitimate Interests:

-          DigiZauber processes some data based on legitimate business interests. This includes but is not limited to enhancing, modifying, personalizing, or otherwise improving our services and communications for the benefit of our customers.

5. Vital Interests:

-          In rare cases, data processing might be necessary to protect the vital interests of individuals, such as in emergency medical situations.

6. Public Interest:

-          Processing may also occur when it’s in the public interest or for official purposes, aligned with applicable laws.

4           Data Sharing and Disclosure

4.1          Third-Party Sharing

1. Service Providers and Partners:

-          DigiZauber may share data with third-party service providers and business partners who perform services on our behalf, such as payment processing, data analysis, marketing and advertising services, email and hosting services, and customer services and support. We share necessary data with these entities to fulfill our contractual obligations and enhance our services.

2. POS System Data Sharing:

-          For businesses using DigiZauber’s POS systems, data might be shared with third-party service providers for the purpose of integrating additional services (like inventory management, product orders or loyalty programs). This sharing is subject to the consent of the business and is governed by strict data protection agreements.

3. Aggregate and Anonymized Data:

-          DigiZauber may share aggregated or anonymized data that cannot reasonably be used to identify individuals with third parties. This data may be used for industry analysis, demographic profiling, marketing, and other business purposes.

4. Some Third-Party Integrations:

• Specific Third-Party Integrations:

1. Payment Processors: For instance, payments processed via Stripe involve transmitting information to Stripe Payments Europe Ltd. Stripe's privacy policy can be found [here](https://stripe.com/privacy).
2. PayPal: When using PayPal, payment data is shared with PayPal. Detailed information on PayPal's data processing and credit check practices can be found in their [privacy policy](https://www.paypal.com/webapps/mpp/ua/privacy-full).
3. Shipping Partners: We may share data with shipping companies to facilitate delivery of orders. Each shipping partner’s data handling practices are detailed in their respective privacy policies.

• Integration of Google Services:

1. Google Analytics and Advertising: DigiZauber utilizes Google services, such as Google Analytics and Google Ads, for website analytics and advertising purposes. These services help us understand user behavior on our site and deliver targeted advertising. The data processed may include user interactions with our website, IP addresses, and browser information. For more information on how Google uses this data and how you can control the information sent to Google, please refer to Google’s privacy policy [here](https://policies.google.com/privacy).
2. Google Maps: If DigiZauber uses Google Maps for location-based services or displaying business locations, this integration may involve sharing location data or IP addresses with Google. The use of Google Maps is governed by Google’s privacy policy, which can be found [here](https://policies.google.com/privacy).
3. User Consent and Opt-out Options

-          Consent for Google Services: Users are informed about the use of Google services on our website and are provided with options to consent to or opt out of specific data processing activities.

-          Opt-out of Google Analytics: Users who wish to opt out of Google Analytics can do so by installing the Google Analytics opt-out browser add-on, available [here](https://tools.google.com/dlpage/gaoptout).

-          Ad Personalization: Users can also manage ad personalization settings or opt-out of personalized ads from Google by visiting the Ads Settings page [here](https://adssettings.google.com/).

• Integration of Meta Platforms Services:

1. Facebook and Instagram Advertising: DigiZauber leverages Meta's advertising services on platforms like Facebook and Instagram for targeted marketing and promotional activities. This may involve sharing anonymized or aggregated data with Meta to create customized advertising campaigns.
2. Facebook Pixel: If DigiZauber uses the Facebook Pixel, this tool collects data on user actions on our website to measure the effectiveness of ads and to deliver more relevant advertising content on Meta platforms. For more information about the Facebook Pixel and your data privacy rights, you can visit [Facebook's Data Policy](https://www.facebook.com/policy.php).
3. Instagram Insights: In cases where DigiZauber uses Instagram for business, Instagram Insights provides data on follower demographics and how users interact with our content. This information assists in tailoring our social media strategy to better serve our audience.
4. User Consent and Opt-out Options

-          Consent for Meta Platforms Services: DigiZauber informs users about the use of Meta's services on our digital platforms and provides options for users to consent to specific data processing activities.

-          Ad Preferences on Meta Platforms: Users can control their ad preferences and opt out of targeted advertising on Facebook and Instagram by adjusting their ad settings directly on these platforms. More information on managing these preferences can be found in the [Ad Preferences section](https://www.facebook.com/settings?tab=ads) of Facebook’s settings.

4.2          Legal Requirements for Disclosure

1. Compliance with Laws:

-          There may be circumstances where DigiZauber is legally required to disclose personal data. This includes complying with laws, regulations, court orders, or governmental requests.

2. Legal Proceedings and Protection of Rights:

-          Personal data may be disclosed in the context of legal proceedings, such as in response to a court order or a subpoena. Additionally, it may be shared to protect the legal rights, personal safety, and security of DigiZauber, its customers, or the public.

3. Business Transfers:

-          In the event of a merger, acquisition, consolidation, restructuring, bankruptcy, or other corporate reorganization, personal data may be transferred as part of the business assets. However, this would be subject to the continuation of the privacy terms or comparable terms of the existing Privacy Policy.

4. Consent-Based Sharing:

-          In situations where personal data is shared for purposes not covered by this policy, DigiZauber will obtain explicit consent from the individuals involved before any data is shared.

5           Data Security Measure

5.1          Security Protocols

1. Robust Technical Measures:

-          DigiZauber implements robust technical measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, firewalls, and secure server facilities.

2. Regular Security Reviews:

-          Our security protocols are regularly reviewed and updated to ensure the highest level of protection, particularly in response to new security threats and vulnerabilities.

3. Employee Training and Awareness:

-          Employees handling personal data receive regular training on data protection and security. We foster a culture of data privacy within the organization, ensuring that all staff members understand the importance of protecting personal data.

4. Access Controls:

-          Strict access controls are in place to ensure that personal data is accessible only to authorized personnel who need access to perform their job functions.

5. Secure Data Transfers:

-          When transferring data, particularly over public networks, DigiZauber uses secure transfer protocols to protect the data in transit.

5.2          Data Breach Response Plan

1. Immediate Response:

-          In the event of a data breach, DigiZauber has a response plan that includes immediate measures to contain and assess the breach.

2. Notification Procedures:

-          If the breach poses a risk to the rights and freedoms of individuals, DigiZauber will notify the relevant data protection authorities and, where necessary, the affected individuals, in accordance with legal requirements and within the timeframe stipulated by law.

3. Investigation and Mitigation:

-          An investigation will be conducted to understand the cause and extent of the breach. Based on the findings, measures will be taken to prevent future occurrences and to mitigate the effects of the breach.

4. Documentation and Review:

-          All data breaches are documented, including the facts surrounding the breach, its effects, and the remedial action taken. This documentation aids in reviewing policies and procedures to improve data security.

5. Cooperation with Authorities:

-          DigiZauber will cooperate with data protection authorities and law enforcement agencies as required in the investigation and response to data breaches.

6           User Rights and Control

6.1          Access to Personal Data

1. Right to Access:

-          Individuals have the right to request access to their personal data held by DigiZauber. This includes obtaining confirmation as to whether or not personal data concerning them is being processed, and for what purposes.

2. Providing Access:

-          Upon request, DigiZauber will provide a copy of the personal data in a commonly used electronic format. The first copy will be provided free of charge, and a reasonable fee may be charged for any additional copies.

3. Response Time:

-          DigiZauber aims to respond to access requests within one month of receipt. If the request is complex or numerous, this period may be extended by two further months, in which case the individual will be informed of the delay.

6.2          Correction and Deletion of Data

1. Right to Correction:

-          Individuals have the right to have inaccurate personal data rectified. Depending on the purposes of processing, they may also have the right to have incomplete personal data completed.

2. Right to Deletion ('Right to be Forgotten'):

-          Individuals can request the deletion of their personal data when it is no longer necessary for the purposes it was collected for, or when they withdraw consent and no other legal basis for processing exists.

3. Executing Requests:

-          DigiZauber will take reasonable steps to inform other entities that are processing the data about the individual’s request for rectification or deletion.

6.3          Data Portability

1. Right to Data Portability:

-          This right allows individuals to receive their personal data that they have provided to DigiZauber in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.

2. Applicability:

-          The right to data portability applies to personal data processed by automated means and based on the individual's consent or on a contract to which the individual is a party.

3. Support in Data Transfer:

-          DigiZauber will facilitate the transfer of personal data to another data controller when technically feasible, ensuring the secure and efficient transfer of such data.

7           Cookies and Tacking Technologies

7.1          Use of Cookies

1. Purpose of Cookies:

-          DigiZauber uses cookies and similar tracking technologies to enhance user experience, analyze trends, administer the website, track users' movements around the website, and gather demographic information about our user base as a whole.

2. Types of Cookies Used:

-          Essential Cookies: Necessary for the website to function and cannot be switched off in our systems. They are usually set in response to actions made by you, such as setting privacy preferences, logging in, and filling in forms.

-          Performance Cookies: Collect information about how visitors use the website, which pages visitors go to most often, and if they get error messages from web pages.

-          Functional Cookies: Enable the website to provide enhanced functionality and personalization, remembering choices you make or providing services you have asked for.

-          Targeting Cookies: Used to deliver adverts more relevant to you and your interests, limit the number of times you see an advertisement, and help measure the effectiveness of the advertising campaign.

3. Third-Party Cookies:

-          Some cookies may be set by third-party services that appear on our pages. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites.

7.2          Managing Cookies Preferences

1. Cookie Consent:

-          On the first visit to our website, users are presented with a cookie consent banner where they can choose their preferences regarding the use of cookies.

2. Changing Preferences:

-          Users can change their cookie preferences at any time by accessing the cookie settings on our website. Information on how to manage settings is provided in the cookie banner and on our cookie policy page.

3. Browser Settings:

-          Users can also control the use of cookies at the browser level. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.

4. Impact of Disabling Cookies:

-          If users choose to disable cookies, it may affect the functionality of certain parts of our website, and some features and services may not work as intended.

8           Data Retention and Deletion

8.1          Retention Periods

1. General Principle:

-          DigiZauber retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

2. Criteria for Determining Retention Periods:

-          The duration for which the data is needed to provide services to the user.

-          Whether the user has an account with DigiZauber, which requires retaining personal data to manage the account.

-          Legal obligations to retain data for a certain period of time.

-          Statute of limitations under applicable law(s).

3. Special Considerations for Different Types of Data:

-          Transactional data may be retained for longer periods for financial accounting and audit purposes.

-          Data related to contracts and business transactions may be retained for an extended period as required by business practices and laws.

8.2          Procedures for Data Deletion

1. User-Requested Deletion:

-          Users can request the deletion of their personal data. Upon such requests, DigiZauber will delete or anonymize the user's personal data, unless there are legal grounds to retain it.

2. Automatic Deletion Mechanisms:

-          DigiZauber has implemented automated mechanisms to regularly review and delete personal data that is no longer necessary for the stated purposes.

3. Deletion upon Contract Termination:

-          Upon the termination of a service contract or account closure, personal data will be deleted or anonymized, subject to any legal requirements for data retention.

4. Data Backup and Archiving:

-          Even after deletion, some data may persist in backups or archives for a limited period of time but will be deleted when these backups are refreshed.

5. Secure Deletion Practices:

-          All data deletion processes are carried out securely and in a way that ensures the privacy of individuals. This includes ensuring that data cannot be reconstructed or read once it has been deleted.

9           International Data Transfers

9.1          Cross-Border Data Transfer Mechanisms

1. Global Operations and Data Transfer:

-          DigiZauber operates on a global scale, which may involve transferring personal data across national borders. This includes transfers to countries that may not have the same level of data protection laws as the country where the data was initially collected.

2. Compliance with Legal Frameworks:

-          When transferring data internationally, DigiZauber complies with applicable legal frameworks and data protection laws, ensuring that the data transfer mechanisms used offer adequate protection of personal data.

3. Use of Standard Contractual Clauses:

-          For transfers to countries without an adequacy decision from the European Commission, DigiZauber relies on Standard Contractual Clauses (SCCs) as a mechanism to ensure that personal data is adequately protected when transferred outside the European Economic Area (EEA).

4. Data Transfer Agreements:

-          Agreements with third-party service providers and international partners include specific clauses that mandate the protection and secure handling of personal data in line with DigiZauber’s privacy standards.

9.2          Safeguards for International Transfers

1. Assessment of Data Protection Standards:

-          Before any international transfer, DigiZauber assesses the data protection standards and practices of the receiving country or entity to ensure they provide an adequate level of protection for personal data.

2. Data Protection Impact Assessments:

-          For certain types of data transfers, particularly those that might pose higher risks to individuals’ privacy rights, DigiZauber conducts Data Protection Impact Assessments (DPIAs) to identify and mitigate any potential risks.

3. Encryption and Security Measures:

-          Personal data transferred internationally is protected through encryption and other security measures to prevent unauthorized access during transit.

4. Continuous Monitoring and Review:

-          DigiZauber continuously monitors the effectiveness of its data transfer mechanisms and makes adjustments as necessary, particularly in response to changes in laws or regulations in different jurisdictions.

10      Policy Updates and Amendments

10.1      Notification of Changes

1. Commitment to Transparency:

-          DigiZauber is committed to maintaining transparency in its data protection practices. As part of this commitment, we will notify users of any significant changes to our Privacy Policy.

2. Methods of Notification:

-          Notifications of policy updates may be communicated through various channels, including email notifications to registered users, prominent announcements on our website, or through direct communication in our service platforms.

3. Content of Notifications:

-          Notifications will include a summary of the changes made, reasons for the changes (if applicable), and any actions that users may need to take in response to the updates.

4. User Acknowledgement:

-          In certain cases, particularly where changes are significant, users may be required to actively acknowledge or accept the updated policy to continue using DigiZauber’s services.

5. Feedback and Inquiries:

-          Following an update, users will be encouraged to review the revised policy and are welcome to contact DigiZauber for any clarifications or feedback.

10.2      Effective Dates

1. Immediate Implementation:

-          Minor changes to the policy will typically become effective as soon as they are published. These may include administrative or legal clarifications that do not materially affect user rights.

2. Grace Period for Significant Updates:

-          For more substantial changes, DigiZauber may provide a grace period before the new policy takes effect. This allows users to understand the implications of the changes and, if necessary, adjust their preferences or usage of DigiZauber’s services.

3. Record of Changes:

-          DigiZauber maintains a historical record of changes made to the Privacy Policy. Users can access previous versions upon request, offering transparency into how our data protection practices have evolved.

4. Continued Use as Acceptance:

-          Continued use of DigiZauber’s services after the effective date of these changes constitutes acceptance of the new Privacy Policy.

11      Contact Information

11.1      Queries and Complaints

1. Open Communication Channel:

-          DigiZauber is committed to addressing any queries or concerns regarding data protection and privacy. Users are encouraged to reach out with any questions or issues they may have.

2. Process for Raising Concerns:

-          Concerns or queries can be raised by contacting DigiZauber’s customer support team through email, telephone, or via a dedicated contact form on our website. We aim to respond promptly and effectively to all inquiries.

3. Handling Complaints:

-          In the event of a complaint regarding DigiZauber’s handling of personal data or how a previous inquiry was managed, users are directed to submit a formal complaint. These complaints will be logged and investigated in accordance with our internal procedures and legal requirements.

4. Resolution and Follow-up:

-          Our goal is to resolve any issues to the user's satisfaction. Following the resolution, we will communicate the outcome and any actions taken in response to the complaint.

11.2      Data Protection Officer Contact Details

1. Dedicated Data Protection Officer (DPO):

-          DigiZauber has appointed a Data Protection Officer to oversee compliance with data protection laws and regulations. The DPO also serves as a point of contact for users regarding all matters of data privacy.

2. Contact Details of the DPO:

The DPO can be contacted via the following details:

-          Email: [dpo@digizauber.com]

-          Telephone: [+49 XXXX XXXXXX]

-          Postal Address: [DigiZauber GmbH, Attention: Data Protection Officer, Street Address, City, Postal Code, Country]

3. Role of the DPO:

-          The DPO is responsible for monitoring compliance with GDPR and other data protection laws, providing advice and guidance on data protection impact assessments (DPIAs), and acting as a contact point for data subjects and supervisory authorities.

4. Confidentiality and Independence:

-          Communications with the DPO are treated with confidentiality. The DPO operates independently to ensure unbiased consideration of privacy issues.

12      Legal Compliance and Governance

12.1      Compliance with GDPR and Other Regulations

1. Adherence to GDPR:

-          DigiZauber is committed to full compliance with the General Data Protection Regulation (GDPR) and understands its importance in protecting the privacy and rights of individuals within the European Union (EU) and European Economic Area (EEA).

-          This includes, but is not limited to, principles of data minimization, purpose limitation, accuracy, storage limitation, and integrity and confidentiality of personal data.

2. Global Data Protection Regulations:

-          In addition to GDPR, DigiZauber complies with other international and national data protection laws applicable to its operations in various jurisdictions. This compliance ensures a consistent level of protection for personal data worldwide.

3. Regular Legal Audits:

-          DigiZauber conducts regular audits to ensure ongoing compliance with evolving data protection laws and regulations. These audits are conducted by internal teams or external legal experts.

4. Data Protection Impact Assessments (DPIAs):

-          When introducing new technologies or processes that might impact personal data, DPIAs are conducted to identify and mitigate any potential data protection risks.

12.2      Oversight and Governance Mechanisms

1. Data Governance Structure:

-          DigiZauber has established a data governance structure to oversee data protection and privacy matters. This structure includes roles such as the Data Protection Officer (DPO) and a dedicated data privacy team.

2. Training and Awareness Programs:

-          Regular training programs are conducted for employees, focusing on data protection laws, internal data protection policies, and individual responsibilities regarding privacy.

3. Policy Enforcement:

-          Enforcement of the privacy policy is a priority for DigiZauber. Any non-compliance with data protection policies is addressed through disciplinary procedures.

4. Stakeholder Engagement:

-          DigiZauber engages with various stakeholders, including customers, employees, and regulators, to continuously improve its data protection practices.

5. Transparency and Reporting:

-          DigiZauber maintains transparency in its data protection practices and reports on compliance and governance activities in its corporate governance reports.

 

Last Updated: December 25, 2023