Last updated: 2/15/2026

1. Introduction

KhataOne is committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page outlines our GDPR compliance measures and your rights as a data subject.

2. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

Right of Access

You have the right to obtain confirmation as to whether we process your personal data and to access your personal data.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to restrict the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

3. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information provided below. We will respond to your request within one month of receipt.

When making a request, please provide:

  • Your full name and contact information
  • A description of the right you wish to exercise
  • Any relevant account information or identifiers
  • Proof of identity (to ensure we only disclose information to authorized individuals)

4. Legal Basis for Processing

We process your personal data based on the following legal bases:

  • Consent: When you have given clear consent for us to process your personal data
  • Contract: When processing is necessary for the performance of a contract
  • Legal Obligation: When we need to comply with a legal obligation
  • Legitimate Interests: When processing is necessary for our legitimate interests

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymize it.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach.

8. Data Processing Agreements

When we engage third-party service providers who process personal data on our behalf, we ensure they have appropriate data processing agreements in place that comply with GDPR requirements.

9. International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with GDPR requirements.

10. Supervisory Authority

If you believe we have not addressed your concerns or have violated your rights under GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.

11. Contact Us

For GDPR-related inquiries or to exercise your rights, please contact our Data Protection Officer:

Email: gdpr@khataone.com
Address: 123 Business Street, Suite 100, City, State 12345
Data Protection Officer: [Name]
Email: dpo@khataone.com