GDPR Policy

Introduction

The data-driven world around us is experiencing an Information Revolution, where vast amounts of data about people, their locations, products and services are continuously generated, captured and processed. It is imperative to integrate essential concepts and principles into existing data management policies.

To address key issues, the General Data Protection Regulation (GDPR) has been enforced across the European Union since 25th May 2018. In a world reshaped by data, defining data governance, data processing activities and data compliance is crucial (who owns it, uses it how it’s protected). Consequently, every organisation that collects, processes and stores personal data must take steps to ensure compliance.

The GDPR has been designed to meet the requirements of the digital age by updating and unifying the myriad national data protection laws currently in place with a cohesive set of rules. This regulation aims to standardise data protection laws and processing across the EU, providing individuals with stronger, more consistent rights to access and control their personal information.

Our Commitment to Compliance

A2Z Marketing Agency (we or us or our) is committed to high standards of information security, data privacy transparency. We manage data in accordance with legislation and regulations, including but not limited to GDPR. At A2Z Marketing Agency, we value our customers' success and understand the need for a compliant and consistent approach to data protection. We have always been dedicated to safeguarding the personal information of our users. However, we recognize our obligations to continuously update and expand our program to meet the demands of the GDPR.

Preparing for GDPR

The GDPR imposes new rules on organisations in the European Union (EU) and those that offer goods and services to people in the EU or that collect and analyse data tied to EU residents, regardless of their location.

A2Z Marketing Agency focuses on the following aspects while preparing for GDPR:
  • Building on existing security and business continuity management policies, processes controls, with enhanced personal privacy rights to ensure compliance.
  • Performing gap and privacy assessments to support GDPR compliance for our customers, with mandatory breach reporting and significant penalties for non-compliance.
  • Increasing our duty to protect data by developing compliance plans and building a stronger secure platform for customers, taking control of their data and reviewing deployment options.
  • Providing services to help customers understand and prepare for GDPR.
  • Amending all our data contracts to meet additional requirements introduced by the GDPR.
  • Deploying a dedicated erasure procedure to meet the new Right to Erasure obligation, while assessing data retention and storage periods.
  • Training our workforce on the enhanced data rights given to individuals by the GDPR, ensuring all staff, from sales to security, are aware of key changes.
  • Upgrading procedures and safeguarding measures to secure, encrypt and maintain data integrity, particularly regarding International Data Transfers and Third-Party Disclosures.
  • Enhancing processes for recording consent to ensure we can evidence an affirmative opt-in, along with time and date records provide an easy-to-use mechanism to withdraw consent at any time.

Shared Responsibility

Compliance is a shared responsibility between the organisation and its customers, who also need to adapt their business processes, data management practices and integrations accordingly. A2Z Marketing Agency aims to provide customers with the ability to specify who has access to what data within each domain or branch, ensuring protection from inappropriate access or use. We ensure that our customers remain the sole owners of their data, retaining rights, title interest in data stored over the system. We take appropriate measures for our customers to take advantage of the features inherent in our service to meet their GDPR obligations related to deletion, rectification, transfer of, access to objection to the processing of personal data.

Technical and Organisational Measures

A2Z Marketing Agency is highly perceptive about the privacy and security of users' personal information. We take every reasonable measure and precaution to protect and secure the personal data we process. We have robust information security policies and procedures to protect personal data from alteration, unauthorised access, disclosure destruction and have several layers of security measures. These measures include employee training, data encryption in storage, data encryption in transit, password policies, one-time-password and two-factor authentication mechanisms, as well as other technical and organisational prevention, detective corrective controls.

GDPR Journey: Small Steps Lead to Big Changes

To maintain a consistent level of data protection and security across our organisation, we have deployed a data privacy team responsible for developing and implementing the roadmap for complying with the new data protection regulation. The team promotes awareness of the GDPR, evaluates our GDPR readiness, identifies any flaws and continuously implements new policies, procedures and measures.

We have also incorporated the GDPR training course into our employee training program, specific to our core business functions and deployed it through our induction and annual training programs.

To learn more, you can view our Privacy Policy at [https://a2zma.com] or reach us at bhushan@a2zma.com.