GDPR Compliance
Learn how AstraVA ensures compliance with the General Data Protection Regulation (GDPR) and protects the privacy rights of EU data subjects.
EU Data Protection
Understanding GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process the personal data of EU residents, regardless of where the organization is located.
GDPR establishes strict requirements for how personal data must be collected, processed, stored, and protected. It also grants EU residents (data subjects) specific rights regarding their personal data.
At AstraVA, we've implemented comprehensive measures to ensure full compliance with GDPR requirements, protecting both our clients and their customers.
GDPR Core Principles
AstraVA adheres to the following core principles of GDPR in all our data processing activities.
Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner. Our Privacy Policy clearly explains how we collect, use, and protect personal data.
Clear legal basis for all data processing
Transparent privacy notices
Fair data processing practices
Purpose Limitation & Data Minimization
We collect personal data for specified, explicit, and legitimate purposes, and do not process it in ways incompatible with those purposes. We only collect data that is necessary.
Clearly defined processing purposes
Minimal data collection practices
Regular data inventory reviews
Storage Limitation & Integrity
We keep personal data only for as long as necessary and ensure it is accurate and up-to-date. We implement appropriate security measures to protect against unauthorized processing, loss, or damage.
Data retention policies
Regular data accuracy checks
Comprehensive security measures
Data Subject Rights
GDPR grants EU residents specific rights regarding their personal data. AstraVA has implemented processes to honor these rights.
Right of Access & Data Portability
Data subjects have the right to know what personal data is being processed and to receive a copy of their data
AstraVA has implemented a streamlined process for data subject access requests (DSARs). When we receive a valid request, we:
Verify the identity of the requestor to ensure data security
Provide a complete copy of all personal data we process about the individual
Include information about the purposes of processing, categories of data, recipients, retention periods, and more
Provide data in a structured, commonly used, and machine-readable format when requested
Respond to all requests within 30 days, with possible extension for complex requests
Our GDPR Compliance Measures
AstraVA has implemented comprehensive measures to ensure GDPR compliance throughout our organization.
Need More Information About GDPR Compliance?
Contact our Data Protection Officer to discuss your specific requirements or to request our GDPR documentation.