Privacy Policy
In its daily business operations, Diverso Hair Ltd. processes various data related to identified individuals, including:
- Current, past, and future employees
- Customers
When collecting and using such data, the organization is subject to various legislative acts regulating how these activities can be carried out and the safeguards that must be implemented to protect them.
The purpose of this policy is to define the applicable legislation and to describe the steps that Diverso Hair Ltd. takes to ensure compliance with it.
This control applies to all systems, people, and processes that make up the organization's information systems, including employees, suppliers, customers, and other third parties who have access to Diverso Hair Ltd.’s systems.
Privacy Rights and Personal Data Policy
The General Data Protection Regulation (GDPR) of 2016 is one of the most significant legal acts affecting the way Diverso Hair Ltd. carries out data processing activities. Significant fines apply if a violation is found under this regulation, which is intended to protect the personal data of EU citizens. Diverso Hair Ltd.'s policy is to ensure its compliance with GDPR and other applicable legislative acts in a clear and demonstrable manner at all times through appropriate accountability.
Within GDPR, a large number of definitions are listed, and it is not appropriate to reproduce them here. However, the fundamental definitions in relation to this policy are as follows:
“Personal Data” is defined as: Any information related to a physical person, through which they can be identified (“data subject”) directly or indirectly, particularly by an identifier such as a name, identification number, location data, online identifier, or by one or more characteristics specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
"Processing" means: Any operation or set of operations performed on personal data or a set of personal data through automated or other means such as collection, recording, organization, structuring, storage, adaptation, or modification, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making the data available, arrangement or combination, restriction, erasure, or destruction.
"Controller" means: A natural or legal person, public authority, agency, or other entity that alone or jointly with others determines the purposes and means of processing personal data.
Principles Related to Personal Data Processing
GDPR is based on several fundamental principles:
- Personal data must be:
- Processed lawfully, fairly, and transparently.
- Collected for specified, explicit, and legitimate purposes.
- Appropriate, relevant, and limited to what is necessary.
- Accurate and kept up to date.
- Stored in a form that permits identification of the data subject for no longer than necessary.
- Processed in a manner ensuring appropriate security.