General Data Protection Regulation (GDPR)

With a great sense of decency and responsibility, ETIS affirms its commitment and adherence to the terms and conditions stated in the GDPR. We maintain our resolve and adhere to the aforementioned, as summarized below:

The General Data Protection Regulation (GDPR) is a comprehensive data privacy and protection framework that came into effect in the European Union (EU) on May 25, 2018. Its primary aim is to strengthen and harmonize data protection laws across the EU member states and give individuals more control over their personal data. Here’s a summary of key aspects of the GDPR:

  1. Scope:

    • GDPR applies to organizations that process personal data of individuals residing in the EU, regardless of the organization’s location.

  2. Key Principles:

    • Lawfulness, Fairness, and Transparency: Data processing must be lawful, fair, and transparent to the data subjects.
    • Purpose Limitation: Data should be collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes.
    • Data Minimization: Only the necessary data for the intended purpose should be collected and processed.
    • Accuracy: Data must be accurate and kept up to date.
    • Storage Limitation: Data should be kept in a form that permits identification of data subjects for no longer than necessary.
    • Integrity and Confidentiality: Data must be processed securely and protected against unauthorized or unlawful processing.

  3. Individual Rights:

    • GDPR grants several rights to individuals, including the right to access, rectify, erase, and restrict the processing of their personal data.
    • Individuals also have the right to data portability and the right to object to certain types of processing.

  4. Lawful Basis for Processing:

    • Organizations must have a lawful basis for processing personal data, such as the data subject’s consent, contractual necessity, compliance with legal obligations, protection of vital interests, performance of a task carried out in the public interest, or legitimate interests pursued by the data controller or a third party.

  5. Consent:

    • If an organization relies on consent as the lawful basis for processing, that consent must be freely given, specific, informed, and unambiguous.

  6. Data Breach Notification:

    • Organizations are required to report certain types of personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach.

  7. Data Protection Officers (DPOs):

    • Some organizations are required to appoint a Data Protection Officer to oversee GDPR compliance, particularly if they process large amounts of personal data or engage in certain types of processing activities.

  8. International Data Transfers:

    • Organizations transferring personal data outside the EU must ensure that the destination country provides an adequate level of data protection or implement appropriate safeguards.

  9. Penalties:

    • Non-compliance with GDPR can result in significant fines, which can be tiered based on the nature of the violation.

It’s important to note that GDPR has a wide-ranging impact on how organizations handle personal data and has influenced global discussions on privacy regulations. Organizations that process personal data are expected to comply with GDPR principles to protect the privacy and rights of individuals.