Last Updated: January 10, 2025

1. Introduction

At Chaaropik, we prioritize the protection of personal data and are committed to maintaining the trust and confidence of our clients, employees, and business partners. This policy outlines how we collect, use, store, and safeguard personal data in compliance with applicable laws and regulations, including the General Data Protection Regulation (GDPR) and relevant U.S. data protection laws.

2. Scope

This policy applies to all personal data collected, processed, and stored by Chaaropik, including but not limited to:

• Clients and potential clients.

• Employees, contractors, and consultants.

• Business partners, vendors, and service providers.

• Website visitors and application users.

3. Purpose

This policy ensures that Chaaropik:

• Complies with all relevant data protection laws.

• Protects the rights of individuals whose data we process.

• Maintains transparency about data collection and use.

• Implements appropriate safeguards to prevent data breaches.

4. Key Definitions

• Personal Data: Any information that can identify an individual directly or indirectly (e.g., name, email, phone number).

• Processing: Any operation performed on personal data, such as collection, storage, use, or deletion.

• Data Subject: The individual to whom personal data relates.

• Controller: Chaaropik, determining how and why personal data is processed.

• Processor: Any third party that processes personal data on behalf of Chaaropik.

5. Data Protection Principles

Chaaropik adheres to the following principles when processing personal data:

• Fairness, Lawfulness, and Transparency: Data is processed legally and transparently.

• Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.

• Data Minimization: Only data necessary for the intended purpose is collected.

• Accuracy: Personal data is accurate and kept up-to-date.

• Storage Limitation: Data is not kept longer than necessary.

• Security: Appropriate measures are taken to protect data from breaches.

6. Data Collection and Use

We collect personal data through:

• Direct Input: Forms, subscriptions, service registrations.

• Automated Means: Cookies, analytics, and usage tracking.

Types of data collected include:

• Contact details: Name, email address, phone number.

• Business details: Company name, role, and industry.

• Payment details: Billing information (processed securely via third-party services).

• Usage data: Website and app interactions.

Data is processed for purposes such as:

• Delivering services and products.

• Communicating updates and promotional offers.

• Complying with legal obligations.

7. Legal Basis for Processing

We process personal data based on:

• Consent: Where required, we obtain explicit consent for specific uses.

• Contractual Obligation: Data necessary to deliver a service.

• Legitimate Interests: Supporting business operations while balancing privacy rights.

8. Data Retention

Personal data is retained only as long as necessary for the purposes outlined or to meet legal and regulatory requirements.

9. Data Security

We implement robust measures to secure personal data, including:

• Encryption of sensitive data.

• Regular security assessments and audits.

• Access controls to limit data exposure.

10. Data Sharing and Third Parties

We may share personal data with:

• Service Providers: To deliver our services (e.g., payment processors, cloud hosting).

• Legal Authorities: When required by law or to enforce our rights.

All third parties are bound by contractual obligations to safeguard data.

11. Cross-Border Data Transfers

If personal data is transferred outside the U.S. or EEA, it will only be done under lawful safeguards such as:

• Standard Contractual Clauses (SCCs).

• Binding Corporate Rules (BCRs).

• Privacy Shield (if applicable).

12. Individual Rights

Data subjects have the following rights:

• Access: Request a copy of personal data.

• Correction: Rectify inaccurate or incomplete data.

• Erasure: Request deletion of data (“right to be forgotten”).

• Restriction: Limit how data is processed.

• Objection: Oppose certain processing activities, such as marketing.

• Data Portability: Request data in a transferable format.

To exercise these rights, contact us at [email protected]

.

13. Data Breach Management

In the event of a data breach:

We will notify affected individuals and relevant authorities within required timeframes.

Affected parties will receive guidance on protective measures.

14. Training and Compliance

All employees and contractors undergo regular training on data protection practices to ensure compliance.

15. Policy Updates

We may update this policy periodically to reflect changes in laws or business practices. Changes will be communicated through our website and other appropriate channels.

16. Contact Information

If you have questions about this policy or our data protection practices, contact us:

Email: [email protected]

Phone: 844-410-4106