Loong Sails-UK Limited (“Loong Sails,” “we,” “our,” or “us”) is fully committed to complying with the General Data Protection Regulation (GDPR) and ensuring the privacy and security of personal data collected during our business operations. We have thoroughly assessed the impact of GDPR on our activities and implemented the necessary compliance measures to safeguard your personal information.
As a controller of personal data, we take responsibility for determining how and why data is processed and ensure that all handling of data complies with GDPR standards. We do not require additional contractual provisions with our clients beyond those necessary for legal and regulatory requirements unless specifically agreed.
Our GDPR Commitments:
- Fair and Transparent Data Processing:
  - We ensure that individuals are informed about the collection and use of their personal data.
  - Personal data is processed only on lawful grounds and in alignment with GDPR principles.
  - When processing sensitive data, such as health-related information, we obtain explicit consent when required, unless otherwise permitted by law.
- Purpose Limitation:
  - Personal data is processed only for the specific purposes for which it was collected. If we need to use the data for a new purpose, we will ensure the new processing activity complies with GDPR, which may include obtaining your consent.
- Data Minimization and Accuracy:
  - We collect only the personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  - We take steps to keep personal data accurate and up-to-date.
- Security Measures:
  - Appropriate technical and organizational safeguards are in place to protect personal data from unauthorized access, alteration, disclosure, or destruction. We also ensure our subcontractors implement and follow security standards compliant with GDPR.
- Data Protection by Design:
  - We incorporate privacy principles into our processes and systems, ensuring compliance with GDPR from the outset.
  - Where required, we conduct Data Protection Impact Assessments (DPIAs) to evaluate risks associated with the processing of personal data.
- International Data Transfers:
  - If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as the use of the European Commission’s approved standard contractual clauses for intra-group transfers.
- Data Retention:
  - Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected and processed, in accordance with GDPR guidelines.
- Honoring Individual Rights:
  - We respect individuals’ rights regarding their personal data, including the right to access, update, and delete their information. We will respond to any such requests in line with GDPR requirements.
- Accountability and Compliance:
  - We maintain internal policies and procedures to ensure ongoing compliance with GDPR. These policies are reviewed and updated periodically to reflect any changes in data protection laws or regulations.
