Introduction

Ceremonies by Sigrid is committed to protecting the personal data of its employees, customers, and other stakeholders. We are aware of our obligations under the General Data Protection Regulation (GDPR) and have taken the necessary steps to ensure that we are fully compliant with this regulation.

Scope

This policy applies to all personal data that we collect, process, and store. Personal data includes any information that can be used to identify an individual, such as name, address, email address, and telephone number.

Data Controller

Ceremonies by Sigrid is the data controller and is responsible for ensuring that all personal data is processed in accordance with the GDPR.

Data Protection Principles

We will ensure that all personal data is processed in accordance with the following principles:

Lawfulness, fairness, and transparency: We will ensure that all personal data is processed in a lawful, fair, and transparent manner.
Purpose limitation: We will only collect and process personal data for specific and legitimate purposes.
Data minimization: We will only collect and process the minimum amount of personal data necessary for the specific purposes for which it is collected.
Accuracy: We will take all reasonable steps to ensure that all personal data is accurate and up-to-date.
Storage limitation: We will not store personal data for longer than is necessary for the specific purposes for which it was collected.
Integrity and confidentiality: We will take all reasonable steps to protect the confidentiality and integrity of personal data.
Data Subjects’ Rights

Under the GDPR, individuals have the following rights in relation to their personal data:

Right to access: Individuals have the right to access their personal data and to be provided with information about how their personal data is processed.
Right to rectification: Individuals have the right to have their personal data corrected if it is inaccurate or incomplete.
Right to erasure (right to be forgotten): Individuals have the right to request that their personal data is deleted if there is no longer a compelling reason for it to be processed.
Right to restriction of processing: Individuals have the right to request that the processing of their personal data is restricted in certain circumstances.
Right to data portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to have their personal data transferred to another data controller.
Right to object: Individuals have the right to object to the processing of their personal data in certain circumstances.
Data Breaches

In the event of a data breach, we will take the following steps:

Assess the nature and severity of the breach.
Notify the relevant authorities and individuals if the breach is likely to result in a high risk to their rights and freedoms.
Take all necessary steps to contain and mitigate the breach.
Conduct a thorough investigation of the breach and identify its root cause.
Take all necessary steps to prevent a similar breach from occurring in the future.
Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) who is responsible for ensuring that we are fully compliant with the GDPR and for advising on our data protection obligations. The contact details of the DPO are [insert contact details].

Training

All employees who process personal data are required to complete data protection training to ensure that they are fully aware of their obligations under the GDPR.

Conclusion

We are committed to protecting the personal data of all individuals with whom we come into contact and to ensuring that we are fully compliant with the GDPR. If you have any questions or concerns about our data protection policy or practices, please do not hesitate to contact our Data Protection Officer.

We will review and update this policy on a regular basis to ensure that it remains up-to-date and reflects our current practices.

Ceremonies by Sigrid