GDPR Compliance
Last Updated: December 1, 2024
1. Our Commitment to GDPR
Sunkite Consulting is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and what rights you have regarding your personal data.
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union (EU) and European Economic Area (EEA). It applies to any organization that processes personal data of individuals in the EU/EEA, regardless of where the organization is based.
2. Legal Basis for Processing
We process your personal data only when we have a legal basis to do so. Under GDPR, we rely on the following legal bases:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: Processing is necessary for us to comply with the law.
- Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
3. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
3.1 Right to Access
You have the right to request copies of your personal data. We may charge a small fee for this service.
3.2 Right to Rectification
You have the right to request that we correct any information you believe is inaccurate, or complete any information you believe is incomplete.
3.3 Right to Erasure
You have the right to request that we erase your personal data, under certain conditions (also known as the "right to be forgotten").
3.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
3.5 Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
3.6 Right to Object
You have the right to object to our processing of your personal data, under certain conditions.
3.7 Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
4. How We Protect Your Data
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication mechanisms
- Staff training on data protection and security
- Incident response and breach notification procedures
- Regular backups and disaster recovery plans
5. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process your personal data
- Whether we can achieve those purposes through other means
- Applicable legal requirements
6. International Data Transfers
If we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place to protect your data, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Binding Corporate Rules
- Other legally approved mechanisms
7. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
- Document all data breaches, including the facts, effects, and remedial action taken
8. Third-Party Processors
We may engage third-party service providers to process personal data on our behalf. When we do so, we:
- Only use processors that provide sufficient guarantees of GDPR compliance
- Enter into written contracts that specify data protection obligations
- Ensure processors only process data according to our documented instructions
- Regularly audit and monitor processor compliance
9. Children's Privacy
Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.
10. Exercising Your Rights
To exercise any of your rights under GDPR, please contact us using the details below. We will respond to your request within one month, though this may be extended by two further months in complex cases.
You also have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
11. Updates to This Policy
We may update this GDPR Compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated statement on this page and updating the "Last Updated" date.
12. Contact Us
If you have any questions about our GDPR compliance or wish to exercise your data protection rights, please contact us:
