top of page

GDPR (General Data Protection Regulation) Policy

Introduction


At VFTee Ltd., we are committed to protecting the privacy and security of personal data processed in the course of our business operations. This Policy outlines our approach to ensuring compliance with the General Data Protection Regulation (GDPR) and our commitment to safeguarding the personal data of our customers, employees, and other stakeholders.
 

 

Scope

​

This GDPR Policy applies to all personal data processed by VFTee Ltd., whether collected online, offline, or through any other channels. This includes data collected from customers, employees, contractors, vendors, and any other individuals or entities we interact with.
 

 

Principles of Data Protection

​

At VFTee Ltd., we adhere to the following principles of data protection:

  1. Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently, ensuring that individuals are informed about how their data is being processed.

  2. Purpose Limitation: Personal data is collected and processed only for specified, explicit, and legitimate purposes, and not processed in a manner incompatible with those purposes.

  3. Data Minimization: We only collect personal data that is adequate, relevant, and necessary for the specified purposes.

  4. Accuracy: We take reasonable steps to ensure that personal data is accurate, complete, and up-to-date, and we rectify any inaccuracies without undue delay.

  5. Storage Limitation: Personal data is not retained for longer than necessary for the purposes for which it was collected.

  6. Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
     

 

Roles and Responsibilities


Our Data Protection Officer (DPO) oversees compliance with GDPR requirements and acts as a point of contact for data subjects and supervisory authorities. We are all responsible for understanding and complying with this Policy, including our specific obligations regarding the processing of personal data.

 

​

Data Collection and Processing

​

We collect personal data only for specified, explicit, and legitimate purposes and inform individuals about the purposes of processing. Consent is obtained from individuals before collecting their personal data, where required by applicable law. Personal data is processed only to the extent necessary for the purposes for which it was collected.

 

 

Data Subject Rights

 

We respect the rights of data subjects as outlined in the GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Data subjects can exercise their rights by contacting our Data Protection Officer.

 

 

Data Security

 

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures to protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Security measures are regularly reviewed and updated to remain effective against emerging threats.

 

 

Data Breach Management

​

In the event of a data breach, we promptly assess the risk to individuals’ rights and freedoms and, if necessary, notify the relevant supervisory authority and affected individuals in accordance with our obligations under the GDPR. Records of all data breaches, including the facts surrounding the breach and remedial action taken, are maintained.

 

 

Third-Party Processing

 

Where personal data is processed by third-party service providers on our behalf, appropriate data processing agreements are in place to ensure compliance with the GDPR.

 

 

Training and Awareness

 

We provide regular training to employees and contractors on their responsibilities under the GDPR and promote a culture of awareness and compliance throughout the organization.

 

 

Policy Review

 

This Policy is reviewed and updated regularly to ensure it remains accurate, effective, and compliant with applicable law.

​

 

Contact Information

 

For questions or concerns regarding this Policy or our data protection practices, please contact us.

bottom of page