GDPR COMPLIANCE

F.A8S is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This document outlines our approach to GDPR compliance and how we protect the personal data of EU citizens.

F.A8S acts as a data controller for the personal information we collect and process. As a data controller, we are responsible for determining the purposes and means of processing personal data.

We process personal data on the following lawful bases:

• Consent: We obtain clear consent for specific processing activities.
• Contract: Processing is necessary for the performance of a contract with the data subject.
• Legal Obligation: Processing is necessary to comply with a legal obligation.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.

Under the GDPR, individuals have the following rights:

• The right to be informed about the collection and use of their personal data
• The right of access to their personal data
• The right to rectification of inaccurate personal data
• The right to erasure (the 'right to be forgotten')
• The right to restrict processing
• The right to data portability
• The right to object to processing
• Rights in relation to automated decision making and profiling

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing and evaluation of security measures
• Ability to restore access to personal data in the event of a physical or technical incident
• Regular staff training on data protection and security

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected individuals without undue delay.

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to individuals' rights and freedoms, particularly when using new technologies.

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, adequacy decisions, or other legally recognized transfer mechanisms.

Our Data Protection Officer (DPO) is responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements. You can contact our DPO at dpo@fas.com.

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at: