Data Protection Policy

Effective date: 2023-01-01

1. Introduction

At SEINō, we are fully committed to safeguarding the privacy and data of our employees, customers, partners, and all other stakeholders while adhering to the strict requirements of the General Data Protection Regulation (GDPR). This Data Protection Policy outlines our commitment to ensuring the lawful, ethical, and transparent handling of personal data and sensitive information in accordance with GDPR standards.

2. Scope

This policy applies to all employees,contractors, and third parties who process personal data on behalf of SEINō and are subject to the GDPR's provisions.

3. Data Protection Principles

We are dedicated to upholding the following data protection principles in strict compliance with the GDPR:

3.1. Lawfulness, Fairness, and Transparency: We will process personal data lawfully, fairly, and transparently. Individuals will be provided with clear, concise, and easily accessible information about how their data is used, and their rights under the GDPR. 

3.2. Purpose Limitation: We will only collect and process personal data for specific, legitimate purposes, as explicitly detailed in our comprehensive privacy notices.

3.3. Data Minimization: We will collect and process only the data that is necessary for the intended purpose, and we will conduct regular reviews to ensure data remains relevant.

3.4. Accuracy: We will maintain accurate and up-to-date personal data, and individuals have the right to request corrections to their data.

3.5. Storage Limitation: We will retain personal data only for as long as necessary for the purposes for which it was collected, in strict compliance with our data retention policy and GDPR requirements.

3.6. Integrity and Confidentiality: We will rigorously implement appropriate security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction, as mandated by GDPR requirements.

3.7. Accountability: We will actively demonstrate compliance with data protection laws and regulations. We will maintain comprehensive records of processing activities and conduct data protection impact assessments where necessary. 

4. Data Collection and Use

4.1. Consent: We will obtain explicit and informed consent from individuals when required. Consent will be sought through clear and easily understandable consent forms, providing individuals with detailed information about the purposes of data processing.

4.2. Legitimate Interests: Where applicable, we will process personal data based on legitimate interests, ensuring that individuals' rights and interests are not overridden. We will maintain records to justify such processing in line with GDPR requirements.

4.3. Data Subjects' Rights: We will respect and fully support the rights of data subjects, including the right to access, rectify,delete, or object to the processing of their personal data, consistent with GDPR requirements.

4.4. Data Transfer: When personal data is transferred to third parties or outside of the European Economic Area (EEA), we will ensure that robust safeguards are in place to protect the data, such as standard contractual clauses or binding corporate rules, as mandated by GDPR.

5. Data Security and Data Breach Response

5.1. Data Access Control: Access to personal data is restricted to authorized personnel only, and we maintain a detailed record of access. This helps in preventing unauthorized access to personal data.

5.2. Data Encryption: Personal data in transit and at rest is encrypted to protect against unauthorized access, in strict adherence to GDPR requirements. Encryption adds an additional layer of security to safeguard personal data from unauthorized access.

5.3. Data Breach Response: We have a well-defined procedure in place to detect, report, and respond to data breaches as required by the GDPR. Our data breach response procedure includes the following key steps: 

a. Data Breach Identification: The procedure begins with the identification of a potential data breach. This can be triggered by an employee, a security system alert, or any other means. 

b. Data Breach Investigation: Upon identification, a designated data protection officer or incident response team will initiate an immediate investigation to determine the scope, nature, and cause of the breach. 

c. Data Breach Assessment: The severity of the breach will be assessed to determine whether it poses a risk to the rights and freedoms of the affected individuals. This assessment will consider the type of data compromised, the potential harm, and the number of individuals affected.

d. Data Breach Notification: If the breach is likely to result in a risk to the rights and freedoms of individuals, we will promptly notify the relevant supervisory authority, in compliance with the GDPR's notification requirements. This notification will include all necessary details about the breach.

e. Communication with Affected Individuals: If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also communicate with the affected individuals directly.The communication will include information about the nature of the breach,potential consequences, and measures to mitigate potential harm.

f. Mitigation and Remediation: We will take all necessary steps to mitigate the breach's impact and prevent further breaches.This may include system updates, enhanced security measures, and other actions to strengthen data protection. 

g. Documentation and Record-Keeping: Detailed records of the breach, investigation, and response will be maintained as required by the GDPR to demonstrate compliance.

h. Review and Learning: After addressing the breach, a thorough review will be conducted to learn from the incident and improve our data protection measures to prevent similar breaches in the future. 

i. Legal Compliance: We will ensure that our data breach response procedures are in full compliance with the GDPR's reporting and notification requirements. 

This procedure is in place to ensure that data breaches are managed effectively, and appropriate actions are taken to protect the rights and freedoms of individuals, as mandated by the GDPR. It also serves as a crucial component of our commitment to maintaining the security and integrity of personal data.

6. Policy Review

This policy will be regularly reviewed and updated as necessary to ensure ongoing and unwavering compliance with the GDPR and other relevant data protection laws and regulations.

7. Contact Information

For any inquiries or concerns related to data protection and GDPR compliance, please contact:

SEINō B.V.
Randstad 22 9
1316 BN Almere
085-4010093
hello@seino.ai

Use Cases
Features
Resources
Product
Join our newsletter
Subscribe
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.
Privacy Policy
Design and development by
Copyright ©️ SEINō 2025