Calibr GDPR Policy
This GDPR Policy outlines how Calibr (https://calibr.ai) operates as a Data Processor and adheres to the General Data Protection Regulation (GDPR). As a trusted provider of online learning platform, we are committed to ensuring the protection and privacy of personal data entrusted to us by our clients (Data Controllers). This policy highlights our data processing practices and the measures we take to comply with GDPR requirements.
Definitions:
- Data Processor: Calibr, as a Data Processor, refers to our organization that processes personal data on behalf of our clients (Data Controllers).
- Data Controller: The Data Controller refers to the entity or organization that determines the purposes and means of personal data processing. Our clients who engage Calibr's services act as the Data Controllers.
- Personal Data: Personal data includes any information that can directly or indirectly identify an individual.
- Processing: Processing refers to any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, and erasure.
Data Processing Principles:
Calibr commits to the following principles when processing personal data as a Data Processor:
- Lawfulness, Fairness, and Transparency: We process personal data in a lawful, fair, and transparent manner, adhering to the legal basis defined by the Data Controller.
- Purpose Limitation: We process personal data only for the purposes defined by the Data Controller and do not use it for any other purposes without proper authorization.
- Data Minimization: We collect and process only the minimum necessary personal data required to fulfill the agreed-upon services.
- Accuracy: We take reasonable steps to ensure the accuracy and relevance of personal data and update it when necessary.
- Storage Limitation: We retain personal data only for the duration specified by the Data Controller or as required by applicable laws and regulations.
- Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data.
- Accountability: We maintain documentation of our data processing activities and implement measures to demonstrate compliance with GDPR requirements.
Data Processing Obligations:
- Processing Instructions: Calibr processes personal data as per the instructions provided by the Data Controller, unless required by applicable laws. We do not engage in processing activities beyond the scope of these instructions without the explicit consent of the Data Controller.
- Confidentiality and Security: We implement technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These measures include but are not limited to encryption, access controls, secure storage, and regular security assessments.
- Data Subject Rights: Calibr supports the Data Controller in fulfilling data subjects' rights, including the rights to access, rectify, erase, restrict processing, data portability, and object to processing. We promptly notify the Data Controller of any data subject requests received.
- Data Breach Management: In the event of a data breach, Calibr will promptly inform the Data Controller of the breach, provide assistance, and take necessary measures to mitigate the impact and prevent future occurrences.
- Sub-processors: Calibr may engage sub-processors to assist in delivering our services. We ensure that these sub-processors comply with GDPR requirements and have appropriate safeguards in place to protect personal data.
- International Data Transfers: If personal data is transferred outside the European Economic Area (EEA), Calibr ensures that appropriate safeguards, such as Standard Contractual Clauses, are in place to protect the data in accordance with GDPR requirements.
Data Protection Officer:
Calibr has appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance with GDPR. The DPO can be contacted at dpo@calibr.ai
Contact Information:
If you have any questions, concerns, or requests regarding the processing of personal data by Calibr, please contact our Data Protection Officer at dpo@calibr.ai
Conclusion:
Calibr is committed to maintaining the highest standards of data protection and privacy as a Data Processor. We continuously review and update our policies and practices to comply with GDPR requirements. By implementing robust security measures and respecting the rights of data subjects, we strive to build trust and foster a secure environment for our clients.