Privacy Policy DLP

Privacy Policy for DLP Printers

Data Privacy and Processing Protocol: Kallas DLP Printer Operations

This Data Privacy and Processing Protocol delineates the procedures governing the acquisition, manipulation, and protection of Personal Data pertaining to individuals (“Users”) who engage with Kallas’s Digital Light Processing (DLP) printers, associated software applications, and related services. The Company is committed to upholding the tenets of data privacy and security in strict adherence to pertinent data protection statutes and regulations.

1. Data Controller Identification and Contact Information

1.1. [Your Company Name], a legally constituted entity operating as a [Your Company Legal Structure – e.g., corporation, LLC] with its principal place of business at [Your Company Address], functions as the Data Controller, bearing the responsibility for determining the objectives and modalities of Personal Data processing as delineated within this Data Privacy and Processing Protocol.
1.2. For all inquiries, concerns, requests, or communications pertaining to this Data Privacy and Processing Protocol or the Company’s data processing practices, Users may direct their correspondence to the following channels:
- (a) [Your Company Name]
- (b) [Your Address]
- (c) [Your Email Address]
- (d) [Your Phone Number (Optional)]
- (e) [Designated Data Protection Officer (DPO) Email Address (If applicable)]
1.3. If the Company has appointed a Data Protection Officer (DPO), the DPO’s contact information is as follows: [DPO Name], [DPO Title], [DPO Email Address], [DPO Phone Number (Optional)]. The DPO is responsible for overseeing the Company’s data protection strategy, ensuring compliance with relevant data protection legislation, and serving as a primary point of contact for data subjects and supervisory authorities.

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing: Any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, including, but not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controller: The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Data Processor: A natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
Supervisory Authority: An independent public authority that is established by a Member State pursuant to applicable data protection law to monitor the application of such law.

3. Categories of Personal Data Processed

3.1. User Account Credentials and Profile Data:
- When a User creates an account, registers for our Services, or interacts with associated software interfaces, the Company may collect the following categories of Personal Data:
  - (a) Full legal name, username, and authentication credentials (password), stored using industry-standard cryptographic techniques to ensure data security.
  - (b) Primary and secondary electronic mail addresses, telephone contact numbers (business and/or personal), and postal address.
  - (c) Company name, job title, department, and other pertinent professional details, where applicable and relevant to the User’s engagement with our Services.
  - (d) Communication preferences, including preferred language, notification settings, and opt-in/opt-out selections for marketing communications.
  - (e) Security questions and answers, utilized solely for account recovery procedures.
  - (f) Date of birth and gender, collected on an optional basis and only when explicitly provided by the User.
- Users may also voluntarily provide additional information within their user profiles, including, but not limited to:
  - (a) A profile photograph or avatar image.
  - (b) A concise biographical description or professional summary.
  - (c) Links to professional networking platforms or social media profiles.
  - (d) Areas of expertise, technical skills, or specific interests relevant to DLP technology and 3D printing.
3.2. DLP Printer Operational Telemetry and Usage Data:
- To facilitate the provision, optimization, and support of our Services, the Company may collect granular data pertaining to User utilization of Kallas DLP printers, including, inter alia:
  - (a) Comprehensive print job logs, encompassing detailed timestamps, file names, print queue information, configured printing parameters (e.g., layer thickness, exposure time, support structure settings), and print success/failure indicators.
  - (b) Printer configuration parameters, calibration data, and maintenance records, including software versions, hardware configurations, system settings, and service history.
  - (c) Material consumption metrics, such as resin usage, resin type, and material batch information, providing insights into material efficiency and usage patterns.
  - (d) System error logs, diagnostic data, and printer status information, encompassing component temperatures, performance metrics, sensor readings, and real-time operational status.
  - (e) Printer network connectivity information, including Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, network traffic data, and connection timestamps, utilized for network management and troubleshooting purposes.
3.3. Design Artifacts (Conditional):
- In instances where Users elect to employ Kallas software applications or Services to prepare, store, manage, share, or transmit three-dimensional designs or models (“Design Data”), the Company may collect and process these digital design assets.
- The Company acknowledges the potentially sensitive nature of Design Data, which may contain proprietary, confidential, or commercially valuable intellectual property. The Company will implement robust security measures, including:
  - (a) Encryption of Design Data both in transit and at rest, employing industry-recognized encryption protocols.
  - (b) Granular access control mechanisms to restrict unauthorized access to Design Data.
  - (c) Secure storage protocols and infrastructure to protect the integrity and availability of Design Data.
- Access to and utilization of User Design Data will be strictly limited to the extent necessary to:
  - (a) Provide the requested Services, such as print job preparation, file conversion, or remote printing.
  - (b) Troubleshoot technical issues or address support inquiries related to the Design Data.
  - (c) Comply with legal obligations or respond to valid legal requests.
3.4. Device and Network Information:
- When Users access Kallas Services or interact with our software applications, the Company may automatically collect the following information pertaining to their devices and network connections:
  - (a) Internet Protocol (IP) address, including both IPv4 and IPv6 addresses, which may be utilized to infer the User’s general geographic location.
  - (b) Device type, model, manufacturer, hardware specifications (e.g., processor type, memory capacity), and operating system version and type.
  - (c) Browser type, version, language settings, and installed plugins or extensions.
  - (d) Unique device identifiers, such as Media Access Control (MAC) address, International Mobile Equipment Identity (IMEI), or serial number.
  - (e) Referring website or source, including referring URL, search queries employed to locate our Services, and navigation patterns within our website or software.
  - (f) Geographic location data (if Users explicitly enable location services and provide consent where required by applicable law), which may be determined through IP address geolocation, Global Positioning System (GPS) data, or Wi-Fi network information.
3.5. Communication Records:
- When Users initiate contact with the Company for customer support, technical assistance, sales inquiries, or other communications, the Company may collect and retain records of such interactions, including:
  - (a) Electronic mail correspondence, chat logs, and recorded telephone conversations (where permitted by applicable law and with appropriate User consent, if legally mandated), including associated timestamps and metadata.
  - (b) Support tickets, service requests, bug reports, feature requests, and related documentation, including any attachments, screenshots, or supporting materials provided by the User.
  - (c) Feedback, reviews, survey responses, and other forms of User-generated content provided in connection with our products or services.
3.6. Financial Transaction Data (Conditional):
- In instances where Users procure Kallas DLP printers, materials, software licenses, or other Services, the Company may collect necessary payment processing information to facilitate the transaction, including:
  - (a) Credit card details (card number, cardholder name, expiration date, Card Verification Value (CVV)), bank account information, or other payment method details, as selected by the User.
  - (b) Billing address, shipping address, and comprehensive transaction history, encompassing order details, invoices, payment amounts, payment dates, and shipping tracking information.
- For enhanced security and compliance with industry standards, payment information is typically processed by secure, PCI DSS-compliant third-party payment processors. Users are advised to review the privacy policies of these third-party processors to understand their respective data handling practices. Kallas will retain only transaction-related data that is strictly necessary for order fulfillment, accounting purposes, fraud prevention, and compliance with applicable financial regulations.
3.7. Marketing Communication Preferences:
- The Company may collect and manage data pertaining to User preferences regarding the receipt of marketing communications and promotional materials, including:
  - (a) Explicit records of User consent to receive electronic mail newsletters, promotional offers, event invitations, and other marketing-related communications.
  - (b) Information concerning User interests in specific product categories, services, or events, which may be inferred from User browsing history, purchase behavior, or expressed preferences.
  - (c) Data pertaining to User interactions with marketing campaigns, such as email opens, click-through rates, website visits originating from marketing links, and engagement with social media promotions.
  - (d) User preferences for communication frequency, channels (e.g., email, SMS, postal mail), and content formats.

4. Purposes of Personal Data Processing and Legal Bases

4.1. Service Provision and Contractual Obligations:
- The Company processes User Personal Data when it is necessary for the performance of a contract to which the User is a party, or in order to take steps at the User’s request prior to entering into a contract,including:
  - (a) To provide, operate, maintain, and administer Kallas DLP printers, associated software applications, and related Services, ensuring functionality, reliability, and security.
  - (b) To create and manage User accounts, including user authentication, authorization, account recovery, and profile management.
  - (c) To process User orders for DLP printers, materials, software licenses, and other Services, including order confirmation, shipment, and delivery.
  - (d) To fulfill User requests for information, quotations, demonstrations, or other inquiries.
  - (e) To provide customer support, technical assistance, and troubleshooting services, including diagnosing and resolving printer malfunctions, software errors, or other technical issues.
  - (f) To administer warranties, service agreements, maintenance contracts, and product returns, including processing warranty claims, facilitating repairs or replacements, and managing service schedules.
  - (g) To facilitate seamless communication between the Company and Users regarding service updates, order status, account notifications, billing information, and other essential service-related matters.
- The legal basis for this processing is typically the necessity for the performance of a contract to which the User is a party (e.g., the contract for the purchase of a DLP printer or the provision of a subscription service).
4.2. Service Improvement and Development:
- The Company analyzes User data to pursue its legitimate interests in:
  - (a) Gaining valuable insights into how Kallas DLP printers, software applications, and Services are utilized by Users to identify areas for improvement, optimization, and enhancement.
  - (b) Identifying, diagnosing, and troubleshooting technical issues, bugs, performance bottlenecks, and usability challenges to enhance the reliability, stability, and overall quality of our offerings.
  - (c) Enhancing the functionality, performance characteristics, user interface, user experience, and accessibility of Kallas DLP printers, software, and Services.
  - (d) Developing new products, services, features, and functionalities to anticipate and meet evolving user needs, market demands, and technological advancements in the field of 3D printing and DLP technology.
- This processing may involve:
  - (a) Aggregating and anonymizing User data to create statistical reports, usage analytics, and performance dashboards.
  - (b) Conducting user research studies, surveys, and feedback sessions to gather qualitative and quantitative insights into user preferences, pain points, and satisfaction levels.
  - (c) Monitoring system performance, analyzing error logs, and identifying patterns in user behavior and interaction with our Services.
  - (d) A/B testing of new features or design changes to evaluate their effectiveness and user impact.
4.3. User Experience Personalization:
- The Company may process User data to pursue its legitimate interests in:
  - (a) Personalizing and customizing the User’s experience with Kallas Services by remembering individual preferences, settings, display options, language choices, and other user-specific configurations.
  - (b) Providing Users with relevant and tailored content, recommendations, and targeted information pertaining to products, services, tutorials, and support resources that align with their interests, usage patterns, and past interactions with our Services.
  - (c) Tailoring the user interface, navigation, and functionality of our software applications and online platforms to optimize the User’s workflow and enhance productivity.
- In certain circumstances, the Company may rely on the User’s explicit consent to process their data for advanced personalization purposes, such as when employing sophisticated profiling techniques or targeted advertising. Users retain the unencumbered right to withdraw their consent at any time.
4.4. Marketing and Communications (Subject to Consent):
- Subject to obtaining the User’s explicit, informed, specific, and freely given consent, where required by applicable law, the Company may utilize User data to pursue its legitimate interests in:
  - (a) Distributing promotional materials, newsletters, marketing emails, targeted advertisements, and other communications concerning Kallas products, services, special offers, and upcoming events.
  - (b) Informing Users about industry developments, relevant news, educational resources, best practices, and technological advancements in the field of 3D printing and DLP technology.
  - (c) Conducting market research, surveys, and feedback requests to gather insights into User preferences, satisfaction levels, and the effectiveness of our marketing campaigns.
- Users retain the unequivocal right to opt-out of receiving marketing communications from the Company at any time. This right may be exercised through various mechanisms, including:
  - (a) Utilizing the unsubscribe links or mechanisms provided within the marketing communications themselves.
  - (b) Adjusting communication preferences within the User’s account settings or profile.
  - (c) Contacting the Company directly through the designated channels specified in Section 10.
- The legal basis for processing User data for marketing purposes is typically the User’s explicit consent.
4.5. Security and Fraud Prevention:
- The Company processes User data to pursue its legitimate interests in:
  - (a) Monitoring, maintaining, and safeguarding the security, integrity, and availability of Kallas DLP printers, software applications, Services, and related infrastructure (e.g., networks, servers, databases).
  - (b) Detecting, investigating, preventing, and responding to fraudulent activities, unauthorized access attempts, security breaches, malware infections, denial-of-service attacks, and other potentially harmful or malicious conduct.
  - (c) Enforcing our terms of service, acceptable use policies, licensing agreements, and other contractual agreements to protect our rights, property, and the rights and safety of our users.
- This processing may involve:
  - (a) Implementing security measures such as intrusion detection systems, firewalls, and access control mechanisms.
  - (b) Monitoring system logs and network traffic for suspicious patterns or anomalies.
  - (c) Analyzing user behavior and transaction data to identify potential fraud.
  - (d) Cooperating with law enforcement agencies, security researchers, or other relevant authorities in investigations of illegal activities or security incidents.
4.6. Legal and Regulatory Compliance:
- The Company may process User data to comply with its legal and regulatory obligations, including:
  - (a) Adhering to applicable laws and regulations related to data protection, privacy, consumer protection, taxation, export control, product safety, and other relevant areas.
  - (b) Responding to valid legal processes, such as subpoenas, court orders, search warrants, or requests from government agencies or regulatory bodies.
  - (c) Establishing, exercising, or defending our legal rights in connection with legal claims, litigation, arbitration, or other legal proceedings, including intellectual property disputes.
- The legal basis for this processing is typically the Company’s compliance with legal obligations or its legitimate interests in protecting its legal rights.
4.7. Research and Analytics (Anonymized Data):
- The Company may aggregate and anonymize User data, removing any information that could directly or indirectly identify individual users, to pursue its legitimate interests in:
  - (a) Conducting internal research, statistical analysis, and data modeling to gain a deeper understanding of user behavior, product performance, and market trends.
  - (b) Analyzing user behavior patterns, usage statistics, and market trends to inform product development, marketing strategies, and business decisions.
  - (c) Improving our business operations, optimizing resource allocation, and enhancing efficiency.
- Anonymized data is no longer considered Personal Data and is therefore not subject to the same data protection regulations as personally identifiable information.

5.Disclosure of Personal Data

5.1. Corporate Affiliates:
- - The Company may share User Personal Data with its subsidiaries, holding companies, and affiliated entities, both within and outside the User’s country of residence, for the following purposes:
    - (a) Facilitating the provision of Services to Users, such as customer support, billing, and order fulfillment.
    - (b) Internal business operations, including administrative processes, auditing, financial reporting, and human resources management.
    - (c) Product development, research, and innovation initiatives.
    - (d) Marketing and sales activities, subject to obtaining User consent where required by applicable law, to promote our products and services.
- 5.2. Third-Party Service Providers:
  - The Company engages a carefully selected network of third-party service providers to facilitate the efficient and effective provision of its Services. These providers are contractually obligated to process User Personal Data only in accordance with the Company’s documented instructions and all applicable data protection laws.
  - Categories of third-party service providers may include, but are not limited to:
    - (a) Cloud hosting providers and data storage facilities that provide the necessary infrastructure for our Services and data storage needs.
    - (b) Payment processing gateways and financial institutions that facilitate secure payment transactions and manage billing processes.
    - (c) Shipping and logistics companies that handle the transportation and delivery of our products to Users.
    - (d) Website analytics platforms and marketing automation software that assist us in analyzing website traffic, user engagement, and managing marketing campaigns.
    - (e) Customer relationship management (CRM) systems and support ticketing platforms that enable us to manage customer interactions, support requests, and feedback.
    - (f) Software development and maintenance providers that help us develop, maintain, and update our software applications and systems.
    - (g) Legal, accounting, and consulting firms that provide professional services to our company, including legal advice, financial auditing, and business consulting.
    - (h) Data security providers that offer services such as intrusion detection, vulnerability scanning, and security monitoring.
  - The Company will execute comprehensive data processing agreements (DPAs) or similar contractual arrangements with these third-party service providers, as required by applicable data protection legislation, to ensure that they adhere to stringent data protection standards and practices. These agreements will typically include provisions that:
    - (a) Mandate that the service provider process Personal Data only for the specified purposes outlined in the agreement and in accordance with the Company’s documented instructions.
    - (b) Require the service provider to implement and maintain appropriate technical and organizational measures to protect Personal Data, commensurate with the sensitivity of the data and the inherent risks involved in the processing activities.
    - (c) Obligate the service provider to maintain the confidentiality of Personal Data and restrict access to authorized personnel only on a need-to-know basis.
    - (d) Ensure that the service provider complies with all applicable data protection laws and regulations, including any requirements for cross-border data transfers.
    - (e) Cooperate with the Company in responding to data subject requests, such as requests for access, rectification, erasure, restriction, or data portability.
    - (f) Notify the Company without undue delay in the event of a data breach or security incident affecting User Personal Data.
    - (g) Assist the Company in conducting data protection impact assessments (DPIAs), if mandated by applicable law.
    - (h) Grant the Company audit and inspection rights to verify the service provider’s compliance with its data protection obligations.
- 5.3. Business Transition Events:
  - In the event of a corporate restructuring, merger, acquisition, sale of all or a material portion of the Company’s assets, bankruptcy proceedings, or other similar business transaction (“Business Transition Event”), User Personal Data may be transferred to the acquiring entity or other successor in interest.
  - The Company will, to the extent legally permissible and reasonably practicable, provide Users with prior notice of any such Business Transition Event and any choices they may have regarding their Personal Data, such as the right to object to the transfer of their data or to request its deletion.
- 5.4. Judicial and Legal Mandates:
  - The Company may disclose User Personal Data to law enforcement agencies, regulatory bodies, governmental authorities, courts of competent jurisdiction, or other third parties when the Company has a good faith belief that such disclosure is necessary and proportionate to:
    - (a) Comply with a legal obligation imposed by applicable laws, regulations, judicial processes, or enforceable governmental requests, including tax obligations, anti-money laundering regulations, or requests from law enforcement.
    - (b) Enforce our terms of service, licensing agreements, acceptable use policies, or other contractual agreements with Users, to protect our rights and ensure compliance with our terms.
    - (c) Respond to valid legal processes, such as subpoenas, court orders, search warrants, or other legal demands, to comply with due process of law.
    - (d) Protect the vital interests of the User or of another natural person, such as in cases of medical emergencies or to prevent imminent harm to life or safety.
  - The Company will make reasonable efforts to notify Users of any such disclosure of their Personal Data, unless prohibited by law or where exigent circumstances exist that preclude prior notification, such as in emergency situations or when legally prohibited from providing notice.
- 5.5. With Explicit User Consent:
  - The Company may share User Personal Data with designated third parties for purposes not explicitly described in this Data Privacy and Processing Protocol if the Company has obtained the User’s explicit, informed, specific, and freely given consent to do so.
  - When seeking User consent for such data sharing, the Company will provide clear and comprehensive information to the User regarding:
    - (a) The specific purposes of the data sharing.
    - (b) The categories of data to be shared.
    - (c) The identity of the third-party recipients or categories of recipients.
    - (d) Any potential risks associated with the data sharing.
    - (e) The User’s right to withdraw their consent at any time.

6.Personal Data Security Infrastructure and Measures

6.1. The Company is committed to implementing and maintaining commercially reasonable, industry-standard, and state-of-the-art technical and organizational security measures to protect User Personal Data against unauthorized access, use, disclosure, alteration, destruction, or other unlawful forms of processing. These measures are designed to ensure the confidentiality, integrity, and availability of User data and to mitigate the risks associated with data processing.
- - 6.2. These security measures may include, but are not limited to:
    - (a) Data Encryption:
      - (i) Encryption of Personal Data both in transit and at rest, utilizing industry-recognized encryption protocols such as Transport Layer Security (TLS) for data transmission over networks and Advanced Encryption Standard (AES) for data storage.
      - (ii) Encryption of sensitive data at the application layer, such as end-to-end encryption for certain communication channels or encryption of Design Data stored on our servers.
    - (b) Access Control Mechanisms:
      - (i) Implementation of robust password policies, including requirements for password complexity, strength, and regular rotation.
      - (ii) Multi-factor authentication (MFA) to add an extra layer of security to user logins, requiring users to provide multiple forms of verification before accessing their accounts.
      - (iii) Role-based access control (RBAC) to restrict access to Personal Data to authorized personnel only, based on their job responsibilities and the principle of least privilege.
      - (iv) Regular review and revocation of access privileges for employees who no longer require access to specific data.
      - (v) Secure session management to prevent unauthorized access through session hijacking or other attacks.
    - (c) Security Vulnerability Assessments and Penetration Testing:
      - (i) Regular security vulnerability scans of our systems, networks, and software applications to identify and address potential security weaknesses.
      - (ii) Periodic penetration testing by qualified security professionals to simulate real-world attack scenarios and assess the effectiveness of our security measures.
    - (d) Employee Training and Awareness:
      - (i) Comprehensive and ongoing employee training programs on data security best practices, privacy regulations, and the importance of protecting User Personal Data.
      - (ii) Training on specific security procedures, such as secure data handling, incident reporting, and phishing awareness.
    - (e) Physical Security Measures:
      - (i) Implementation of physical security measures to protect our servers, data centers, offices, and other facilities where Personal Data is stored or processed, including access control systems (e.g., keycard access, biometric authentication), surveillance systems, and environmental safeguards (e.g., temperature and humidity control, fire suppression).
    - (f) Incident Response Plan:
      - (i) Development and implementation of a comprehensive incident response plan to effectively address and mitigate the impact of any data breaches or security incidents, including procedures for containment, eradication, recovery, and notification.
      - (ii) Regular testing and review of the incident response plan to ensure its effectiveness.
    - (g) Data Loss Prevention (DLP) Technologies:
      - (i) Deployment of DLP technologies to monitor and prevent the unauthorized exfiltration of sensitive data, such as Design Data or payment information, through various channels, including email, file transfers, and printing.
    - (h) Data Backup and Disaster Recovery:
      - (i) Regular and automated data backups to ensure data availability and recovery in the event of data loss due to hardware failures, software errors, or other unforeseen events.
      - (ii) Implementation of a comprehensive disaster recovery plan to ensure business continuity and minimize downtime in the event of a major disruption.
  - 6.3. The Company continuously monitors and updates its security infrastructure and practices to adapt to evolving security threats, technological advancements, and industry best practices. We strive to stay at the forefront of data security and privacy.
  - 6.4. While the Company endeavors to implement state-of-the-art security measures to protect User Personal Data, Users acknowledge and accept that no method of data transmission over the internet or method of electronic storage is entirely infallible, and absolute security cannot be guaranteed. In the event of a confirmed data breach that poses a high risk to the rights and freedoms of natural persons, the Company will comply with all applicable data breach notification laws, including notifying affected Users and the relevant supervisory authorities without undue delay and in accordance with legal requirements.

7. Personal Data Retention Schedule

7.1. The Company will retain User Personal Data only for the duration necessary to fulfill the defined purposes for which it was originally collected, as outlined in Section 4 of this Protocol, and as necessary to comply with the Company’s legal and regulatory obligations, resolve disputes, and enforce our contractual agreements. We will not retain your data longer than is necessary.
- - 7.2. The specific data retention periods for different categories of Personal Data will vary depending on the nature of the data, the purpose of processing, and the requirements of applicable laws and regulations. The Company will establish and maintain data retention schedules that specify the appropriate retention periods for various data categories, balancing business needs with data minimization principles. These schedules will be based on factors such as:
    - (a) The duration of the User’s relationship with the Company and the length of time the User actively utilizes our Services.
    - (b) Any legal or regulatory obligations that mandate specific retention periods, such as tax laws, accounting regulations, or data protection laws (e.g., retention periods for transaction data to comply with tax audits).
    - (c) The necessity of retaining the data to establish, exercise, or defend legal claims, or to comply with legal processes, such as pending litigation or investigations.
    - (d) The need to retain the data for ongoing service provision, such as account maintenance, customer support, and warranty administration.
    - (e) Industry best practices and guidelines for data retention in relevant sectors.
  - 7.3. Upon the expiration of the applicable retention period, the Company will securely delete or anonymize the Personal Data in accordance with its documented data disposal policies and procedures. This may involve techniques such as:
    - (a) Securely wiping storage media (e.g., hard drives, solid-state drives) to prevent data recovery.
    - (b) Deleting data from databases and systems in a manner that ensures its permanent removal.
    - (c) Aggregating and anonymizing data to remove any identifying information, making it suitable for statistical analysis and research purposes.
    - (d) Implementing data archiving policies to move data to secure, long-term storage for specific purposes, with restricted access and defined retention limits.

8.User Data Subject Rights Framework

8.1. Users, as Data Subjects, possess certain inalienable rights concerning their Personal Data, as stipulated by applicable data protection laws. The Company is committed to facilitating the transparent and timely exercise of these rights, subject to any limitations or exemptions provided by law.
- - 8.2. Users have the following rights:
    - (a) Right of Access: Users have the right to obtain confirmation from the Company as to whether or not Personal Data concerning them is being processed,and, where that is the case, to request access to such Personal Data and to obtain a copy of the Personal Data undergoing processing. This right includes the right to obtain information about:
      - (i) The purposes of the processing.
      - (ii) The categories of Personal Data concerned.
      - (iii) The recipients or categories of recipient to whom the Personal Data have been or will be disclosed, including recipients in third countries or international organizations.
      - (iv) The envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period
      - (v) The existence of the right to request rectification or erasure of Personal Data or restriction of processing of Personal Data concerning the Data Subject or to object to such processing.
      - (vi) The right to lodge a complaint with a supervisory authority.
      - (vii) Where the Personal Data are not collected from the Data Subject, any available information as to their source.
      - (viii)The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
    - (b) Right to Rectification: Users have the right to obtain from the Company, without undue delay, the rectification of inaccurate Personal Data concerning them. Taking into account the purposes of the processing, the User shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
    - (c) Right to Erasure (“Right to be Forgotten”): Users have the right to obtain from the Company the erasure of Personal Data concerning them without undue delay, and the Company shall have the obligation to erase such data without undue delay where one of the following grounds applies:
      - (i) The Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
      - (ii) The User withdraws consent on which the processing is based, and there is no other legal ground for the processing.
      - (iii) The User objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the User objects to the processing pursuant to Article 21(2) of the GDPR.
      - (iv) The Personal Data has been unlawfully processed
      - (v) The Personal Data has to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject.
    - (d) Right to Restriction of Processing: Users have the right to obtain from the Company restriction of processing where one of the following applies:
      - (i) The accuracy of the Personal Data is contested by the User, for a period enabling the Company to verify the accuracy of the Personal Data.
      - (ii) The processing is unlawful and the User opposes the erasure of the Personal Data and requests the restriction of their use instead.
      - (iii) The Company no