We review our consent mechanisms to obtain personal data, ensure that individuals understand what they are providing, why and how we use it and provide clear and defined means for us to process their information. We have developed rigorous processes to record consent, ensuring that we can prove your acceptance, as well as date and time records; and an easy way to view and access your consent at any time.
Data Protection Impact Assessments (DPIAs) - where we process personal information considered high risk; We have developed rigorous evaluation procedures and models to conduct impact assessments in accordance with the requirements of Article 35 of the GDPR. We have implemented documentation processes that record each assessment, allow us to assess the risk posed by the processing activity and implement mitigation measures to reduce the risk posed to the individual(s) concerned. Use of third-party services - when we use a third party to process personal information on our behalf (e.g. PAYPAL, SOFORT, OGONE, MAILCHIMP), we have verified that the processing is in accordance with GDPR obligations. These measures include initial and ongoing reviews of the service provided, the need for the processing activity, the technical and organizational measures in place and compliance with the GDPR.