GDPR Compliance & Data Protection

Our Commitment to GDPR

At Paytia Ltd, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust data protection program in place which complies with existing laws and abides by the data protection principles.

We recognize that the EU General Data Protection Regulation (GDPR) and UK Data Protection laws strengthen individuals' rights and impose stricter requirements on organizations handling personal data, and we welcome these enhancements.

How We Comply with GDPR

Our preparation for GDPR compliance has included the following activities:

• Information Audit - We've carried out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
• Policies & Procedures - We've implemented data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
• Data Protection Policy
• Data Retention & Erasure Policy
• Data Breach Procedures
• Subject Access Request Procedures
• Legal Basis for Processing - We've reviewed all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to.
• Privacy Notice - We've revised our Privacy Notice to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, and their rights.
• Obtaining Consent - We've revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information.
• Direct Marketing - We've revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions.
• Data Subject Rights - We provide easy-to-access information via our Privacy Notice of an individual's right to access any personal information that Paytia processes about them and to request information about:
• What personal data we hold about them
• The purposes of the processing
• The categories of personal data concerned
• The recipients to whom the personal data has/will be disclosed
• How long we intend to store their personal data
• If we did not collect the data directly from them, information about the source

Data Security & Breach Notification

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services
• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
• Process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

In the case of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it.

International Data Transfers

Paytia Ltd recognizes that transfers of personal data to third countries are subject to special rules under the GDPR. If we transfer personal data outside the European Economic Area (EEA), we ensure that one of the following safeguards applies:

• The country has been deemed to provide an adequate level of protection by the European Commission
• Standard contractual clauses approved by the European Commission
• Binding corporate rules

Contact Us About GDPR

If you have any questions about our GDPR compliance or wish to exercise your rights under GDPR, please contact our Data Protection Officer:

Data Protection Officer
Paytia Ltd
Email: privacy@paytia.com