At Difinte, we prioritize the privacy and security of our users' data. In accordance with the General Data Protection Regulation (GDPR) enacted by the European Union, we aim to protect the personal data of our users and ensure that all data is processed lawfully, transparently, and for legitimate purposes. This policy outlines how we collect, use, store, and safeguard personal data, as well as the rights of individuals regarding their data. GDPR represents a significant shift in data privacy laws, and Difinte is dedicated to upholding the rights of data subjects while continuing to provide high-quality products and services.
At Difinte, we collect and process personal data for a variety of purposes, including the provision of our POS device solutions and related services. Personal data may include, but is not limited to, names, addresses, contact details, transaction history, and financial information. We collect this data directly from individuals, such as when they register for our services, make purchases, or interact with our POS systems. Additionally, we may collect data through third-party vendors or partners who provide necessary services to enhance the overall user experience.
In compliance with GDPR, Difinte processes personal data based on various legal grounds, including the necessity of processing for the performance of a contract, the legitimate interest of our business, and compliance with legal obligations. When personal data is collected, individuals are informed about the purpose of the collection, and their consent is obtained where necessary. We ensure that any processing activity has a clear legal basis, and we only collect data that is necessary to fulfill our obligations and provide high-quality services.
The personal data collected by Difinte is used for a range of purposes, all of which are clearly defined and communicated to data subjects. These purposes include, but are not limited to, processing payments, providing customer support, improving our products and services, managing accounts, marketing, and ensuring compliance with legal requirements. We are committed to ensuring that personal data is only used for legitimate purposes and not for any activities that are incompatible with the original reason for collection.
Under the GDPR, individuals have several key rights regarding their personal data. Difinte is committed to facilitating the exercise of these rights by providing individuals with clear mechanisms to access, correct, delete, or restrict the processing of their data. The key rights include:
Difinte ensures that all these rights are respected and that any requests from data subjects are addressed promptly in accordance with GDPR guidelines.
Difinte takes data retention seriously and only stores personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law. When personal data is no longer required, we will securely delete or anonymize the data to ensure that it cannot be accessed or used inappropriately. Our data retention practices are regularly reviewed to ensure that we comply with the principles of data minimization and storage limitation.
We take the security of personal data very seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, disclosure, alteration, and destruction. These measures include encryption, secure storage, access control protocols, and regular audits of our systems. Difinte also ensures that its employees and contractors are trained on data privacy and security practices to ensure compliance with GDPR.
Difinte may share personal data with trusted third-party vendors and service providers to carry out specific business functions on our behalf. These may include payment processors, customer support services, marketing platforms, and cloud service providers. When we share personal data with third parties, we ensure that these parties are compliant with GDPR and that they handle the data securely and responsibly. We also enter into data processing agreements with third-party vendors to ensure that they adhere to GDPR’s data protection principles.
As a global business, Difinte may transfer personal data across borders, particularly when our services are used internationally. When transferring personal data outside the European Economic Area (EEA), we ensure that the data is protected by appropriate safeguards, such as the use of standard contractual clauses or the reliance on countries recognized as providing an adequate level of protection by the European Commission.
Difinte has appointed a Data Protection Officer (DPO) who is responsible for overseeing our compliance with GDPR and other data protection laws. The DPO ensures that all aspects of data collection, processing, and storage are carried out in accordance with legal requirements, and they act as the primary point of contact for any queries or concerns regarding data protection. The DPO also conducts regular audits and provides training to our staff to ensure ongoing compliance.
Difinte follows the principles of "privacy by design" and "privacy by default," which means that privacy and data protection are embedded into our processes, products, and services from the outset. This includes conducting data protection impact assessments (DPIAs) for any new projects or initiatives that involve the processing of personal data. We prioritize the protection of personal data throughout the development of our products, ensuring that any risks to data privacy are identified and mitigated before implementation.
As part of our GDPR compliance, Difinte also ensures the protection of personal data of our employees. We process employee data in accordance with GDPR’s employment provisions, including using personal data for HR-related purposes, such as recruitment, payroll, and performance management. Employees have the same rights to access, rectify, or erase their personal data as any other individual.
Difinte may update this GDPR policy from time to time to reflect changes in regulations, business practices, or other factors. Any updates will be communicated to data subjects in a timely manner, and the revised policy will be made available on our website or through other appropriate channels.
At Difinte, we take data protection seriously and are committed to maintaining compliance with GDPR. We respect the privacy of our clients, users, and employees, and we ensure that all personal data is processed securely and transparently. By adhering to the principles outlined in this policy, we aim to foster trust and confidence in our services and contribute to a more secure and privacy-respecting digital environment.