GDRP

Kogi Shops GDPR Policy

1. Introduction

At Kogi Shops, we are committed to protecting the privacy and data security of our customers, employees, and all individuals whose personal data we collect, process, or store. This GDPR policy outlines our commitment to compliance with the General Data Protection Regulation (GDPR) and our practices for ensuring the privacy and security of personal data.

2. Data Controller

Kogi Shops is the data controller responsible for the processing of personal data collected through our business operations.

3. Data Protection Principles

We adhere to the following GDPR data protection principles:

– Lawfulness, fairness, and transparency: We process personal data in a lawful, fair, and transparent manner.
– Purpose limitation: We collect and process personal data only for specific, legitimate purposes.
– Data minimization: We only collect and retain personal data that is necessary for the intended purposes.
– Accuracy: We ensure that personal data is accurate and kept up to date.
– Storage limitation: We do not retain personal data longer than necessary for the purposes for which it was collected.
– Integrity and confidentiality: We implement appropriate security measures to protect personal data from unauthorized access, disclosure, or alteration.
– Accountability and transparency: We maintain records of our data processing activities and demonstrate compliance with GDPR.

4. Data Collection and Processing

We collect and process personal data for the following purposes:

– Customer information for order processing and communication.
– Employee information for HR and payroll purposes.
– Marketing and promotional activities with explicit consent.
– Compliance with legal obligations.

5. Data Subject Rights

Individuals have the following rights regarding their personal data:

– Right to access: Individuals can request access to their personal data.
– Right to rectification: Individuals can request corrections to their inaccurate or incomplete personal data.
– Right to erasure: Individuals can request the deletion of their personal data under specific circumstances.
– Right to restrict processing: Individuals can request limitations on the processing of their personal data.
– Right to data portability: Individuals can request their data in a machine-readable format.
– Right to object: Individuals can object to the processing of their personal data.
– Right not to be subject to automated decision-making: We do not engage in automated decision-making without explicit consent.

6. Data Security

We implement appropriate technical and organizational measures to safeguard personal data, including encryption, access controls, and regular security assessments.

7. Data Breach Notification

In the event of a data breach, we will promptly notify the relevant authorities and affected individuals in accordance with GDPR requirements.

Data Transfer

We ensure that any international data transfers comply with GDPR regulations through appropriate safeguards, such as Standard Contractual Clauses or Privacy Shield certification.

**9. GDPR Compliance Officer**

We designate a Data Protection Officer (DPO) responsible for overseeing GDPR compliance within our organization.

**10. Updates to GDPR Policy**

We regularly review and update this GDPR policy to reflect changes in our data processing practices and legal requirements.