GDPR Policy
1. Introduction
Vibe Active Communications Limited (“the Company”) is committed to protecting the privacy and personal data of its users, customers, and employees. This GDPR policy outlines how the Company collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Collection and Usage
2.1 – Personal Data
The Company collects and processes personal data for the following purposes:
- Fulfillment of orders: The Company may collect personal data, including names, addresses, contact information, and payment details, to process and fulfill customer orders for Culcharge products.
- Marketing communication: With the explicit consent of the individuals, the Company may use personal data to send marketing communications, newsletters, and promotional offers related to Culcharge products and services.
- Customer support: The Company may collect personal data to provide customer support, respond to inquiries, and resolve any issues related to Culcharge products or services.
- Employment purposes: The Company collects personal data of employees for recruitment, employment, payroll, and other employment-related purposes.
2.2 – Non-Personal Data
The Company may collect non-personal data, such as website usage statistics, IP addresses, and cookies, for the purpose of improving the website’s functionality and providing a better user experience. This data does not directly identify individuals and is used in an aggregated and anonymous form.
3. Data Security
The Company takes appropriate technical and organizational measures to ensure the security and integrity of personal data. This includes implementing secure data storage, access controls, encryption, regular data backups, and training employees on data protection practices.
4. Data Retention
The Company retains personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable laws and regulations. Once data is no longer needed, it is securely deleted or anonymized.
5. Data Sharing and Transfers
The Company may share personal data with third-party service providers and business partners involved in the fulfillment of orders, marketing activities, customer support, and other legitimate business purposes. These parties are contractually obligated to handle personal data in a secure and confidential manner and in compliance with applicable data protection laws.
In cases where personal data is transferred outside the European Economic Area (EEA), the Company ensures appropriate safeguards are in place, such as using standard contractual clauses or relying on Privacy Shield frameworks.
6. Individual Rights
Individuals have certain rights regarding their personal data, including:
- The right to access their personal data held by the Company.
- The right to rectify inaccurate or incomplete personal data.
- The right to request the erasure of personal data.
- The right to restrict or object to the processing of personal data.
- The right to data portability.
To exercise these rights, individuals can contact the Company using the contact information provided in this policy.
7. Privacy Notice and Consent
The Company provides a separate privacy notice that explains in detail how personal data is collected, used, and shared. Individuals are required to provide explicit consent for the processing of their personal data when required by applicable laws.
8. Data Protection Officer
The Company has appointed a Data Protection Officer (DPO) responsible for overseeing data protection matters. Individuals can contact the DPO using the provided contact information.
9. Updates to the GDPR Policy
The Company may update this GDPR policy from time to time to reflect changes in applicable laws, regulations, or the Company’s practices. The updated policy will be made available on the Company’s website.