GDPR Policy for SMS and Email Marketing Conta Ideal

1. Introduction

This GDPR policy outlines our unwavering commitment to compliance with the General Data Protection Regulation (GDPR) in the United Kingdom regarding the collection, processing, and utilization of personal data for SMS and email marketing purposes. This policy is applicable to all individuals (data subjects) whose personal information we process for marketing activities.

2. Data Controller

Conta Ideal, situated in The United States, is the designated data controller responsible for ensuring that personal data is processed in strict accordance with GDPR requirements.

3. Data Collection and Consent

3.1. We shall only collect and process personal data for SMS and email marketing purposes when we have explicit and informed consent from data subjects.

3.2. Consent shall be obtained through opt-in mechanisms that transparently elucidate the purpose and extent of data processing.

3.3. Data subjects retain the right to withdraw their consent at any time, and we will promptly cease processing their data upon withdrawal.

4. Data Use and Purpose

4.1. Personal data collected for SMS and email marketing shall exclusively be used for the precise purposes for which it was initially collected, as elucidated in the consent form.

4.2. We shall not share or sell personal data to third parties for marketing purposes without obtaining explicit consent.

5. Data Retention

5.1. Personal data shall not be retained for longer than necessary for the purposes for which it was collected, and we will periodically review and update our data retention policies.

5.2. Data subjects possess the right to request the deletion of their data, and we will promptly respond to such requests, while being mindful of legal obligations.

6. Data Security

6.1. We implement suitable security measures to safeguard personal data from unauthorized access, disclosure, alteration, or destruction.

6.2. Any data breaches will be reported to the Information Commissioner’s Office (ICO) and the affected data subjects, as mandated by GDPR.

7. Data Subject Rights

7.1. Data subjects enjoy the following rights regarding their personal data:

The right to access their data.
The right to rectify inaccurate data.
The right to erasure of their data (“right to be forgotten”).
The right to restrict processing.
The right to data portability.
The right to object to processing.
The right not to be subject to automated decision-making, including profiling.

8. Data Protection Officer (DPO)

8.1. Conta Ideal has appointed a Data Protection Officer responsible for ensuring GDPR compliance and addressing data protection concerns.

9. Marketing Communications

9.1. Marketing communications, including SMS and email, will consistently include an option to opt-out or unsubscribe from further communications.

9.2. We will promptly and securely honor opt-out requests.

10. Data Transfers

10.1. We shall ensure that any transfer of personal data outside the European Economic Area (EEA) adheres to GDPR requirements, including the use of standard contractual clauses or other suitable safeguards.

11. Policy Review

11.1. This policy will be routinely reviewed to guarantee continued compliance with GDPR and any pertinent changes in data protection legislation.