Last updated: 20th January, 2024
At PandaHR, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We recognise our obligations in updating and expanding our GDPR compliance program to meet the standards and requirements of the GDPR.
Compliance with GDPR Principles: We adhere to the GDPR principles of data processing, ensuring that personal data is processed lawfully, transparently, and for a specific purpose.
Data Security Measures: PandaHR implements robust technical and organisational measures to ensure the highest possible level of data security.
Access and Control: We provide users with the means to access, rectify, erase, restrict, or object to the processing of their personal data, in line with their rights under the GDPR.
Data Portability: Upon request, we enable data subjects to receive their personal data in a structured, commonly used, and machine-readable format.
Prompt Response: In the event of a data breach, PandaHR is committed to promptly notifying the relevant supervisory authority and data subjects in accordance with GDPR requirements.
Lawful Processing: As data controllers, clients are responsible for ensuring that personal data is processed lawfully and transparently.
Consent Management: Clients must obtain and manage consent where required, and ensure that data subjects are informed about their data processing activities.
Conducting DPIAs: Clients are responsible for conducting Data Protection Impact Assessments (DPIAs) when initiating new projects or processing activities that may impact the protection of personal data.
Handling Requests: Clients must establish and maintain processes to effectively handle data subject requests in accordance with GDPR timelines and requirements.
PandaHR is dedicated to maintaining compliance with the GDPR and other relevant data protection laws. We regularly review our practices to ensure they align with the latest regulatory requirements and best practices in data protection.