GDPR

Introduction Gourmet Galaxy is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.

GDPR Compliance Gourmet Galaxy is dedicated to safeguarding the personal data of our customers, clients, and website visitors. In compliance with GDPR requirements, we are taking the following steps:

1. Data Mapping Ensuring that we understand where personal information is located across our system, who has access to it, and how it is being used.
2. Policies & Procedures Revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
   • Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR.
   • Data Retention & Erasure – ensuring that we meet the “data minimization” and “storage limitation” principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new “Right to Erasure” obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes, and notification responsibilities.
   • Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate, and report any personal data breach at the earliest possibility. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
3. Data Subject Rights We provide easy-to-access information via [Your Website’s URL] of an individual’s right to access any personal information that Gourmet Galaxy processes about them and to request information about:
   • What personal data we hold about them
   • The purposes of the processing
   • The categories of personal data concerned
   • The rights to correct, delete, restrict, or object to such processing
   • Information about how long we retain their data
   • The right to lodge a complaint with the supervisory authority
4. Legal Basis for Processing We are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR are met.
5. Consent We are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it, and that they have given explicit consent. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy-to-see and access way to withdraw consent at any time.

Commitment Gourmet Galaxy understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. We have implemented an employee training program which will be provided to all employees prior to May 25th, 2018, and forms part of our induction and annual training program.

If you have any questions about our preparation for the GDPR, please contact Jennifer C. Miller at [contact@gourmetgalaxy.net].