Data Protection Policy

  1. Purpose and Scope

    This Data Protection Policy ensures that Rhino Capital Group EOOD and its subsidiary xnvia.com (Xnvia), complies with the General Data Protection Regulation (GDPR) in protecting the personal data of our employees, clients, suppliers, and other individuals. This policy applies to all personal data processed by Xnvia.

  2. Data Protection Principles

    Xnvia is committed to processing data in compliance with the GDPR principles. Personal data will be:

    1. Processed lawfully, fairly, and in a transparent manner.

    2. Collected only for specified, explicit, and legitimate purposes.

    3. Adequate, relevant, and limited to what is necessary.

    4. Accurate and, where necessary, kept up to date.

    5. Retained only for as long as necessary.

    6. Processed with integrity and confidentiality, ensuring data security.

  3. Lawful Basis for Processing

    Xnvia processes personal data only under lawful basis defined by the GDPR, including but not limited to:

    • Consent: Where individuals have provided explicit consent.

    • Contractual necessity: For data processing required to fulfill a contract.

    • Legal obligation: For data processing required by law.

    • Legitimate interests: For data processing required for the legitimate interests of the company or third parties, balancing individual rights and expectations.

  4. Rights of Data Subjects

    Under the GDPR, individuals have the following rights regarding their personal data:

    1. Right to Access: Data subjects can request access to their data and how it is processed.

    2. Right to Rectification: Data subjects can request corrections of inaccurate or incomplete data.

    3. Right to Erasure: Data subjects can request deletion of personal data where applicable.

    4. Right to Restriction: Data subjects can request that data processing is restricted under certain conditions.

    5. Right to Data Portability: Data subjects can request transfer of their data to another organization.

    6. Right to Object: Data subjects can object to processing based on legitimate interests or direct marketing.

    7. Rights in relation to Automated Decision-Making: Data subjects have rights regarding decisions based solely on automated processing, including profiling.

  5. Data Collection and Processing

    Xnvia will follow standardized procedures for the collection, processing, and retention of personal data, ensuring compliance with GDPR regulations.

    • Data Minimization: Only essential data is collected, used, and retained.

    • Transparency: Individuals are informed about data usage and purposes at the time of collection.

    • Security: Robust security measures are applied to protect personal data, including encryption, access control, and regular audits.

  6. Data Security

    Xnvia maintains appropriate technical and organizational measures to secure personal data, prevent data breaches, and respond swiftly to security incidents. Our data security measures include, but are not limited to:

    • Regular vulnerability assessments and risk analysis.

    • Staff training in data protection.

    • Access restrictions based on job role.

    • Encryption of data, both at rest and in transit.

    • Regular data backups.

  7. Data Breach Notification

    In the event of a personal data breach, Xnvia will:

    1. Assess the nature and scope of the breach.

    2. Inform affected data subjects and, where required, notify relevant supervisory authorities within 72 hours.

    3. Take appropriate measures to mitigate damage and prevent future breaches.

To Top