GDPR Policy
Policy Owner: CEO
Effective date: August 9, 2025
Application
This policy applies to all employees, contractors, and vendors while doing business with heynunchi.com and others who have access to European Union (EU) and the European Economic Area (EEA) data subject information (“personal data”) in connection with heynunchi.com's operating activities.
Policy
heynunchi.com is committed to protecting the security, confidentiality, and privacy of its information resources including EU and EEA personal data in accordance with the requirements set forth in the General Data Protection Regulation (EU) 2016/679 (“GDPR”, “Regulation”). Personal data shall only be processed when there is a legal basis to do so, data shall be managed to ensure that security, confidentiality, and privacy are maintained, and data will be used only for authorized purposes. All employees and contractors of heynunchi.com share the responsibility for safeguarding personal data to which they have access.
When performing commercial activities in support of heynunchi.com products and services that impact EU/EEA personal data, heynunchi.com may engage in certain activities which may require it to receive, store, process, transmit, create, or access and use data which may trigger compliance requirements with the provisions applicable to GDPR. This policy and the GDPR Policies adopted hereunder are intended to support the mission of heynunchi.com and to facilitate data processing activities that are important to heynunchi.com by:
- Striving to ensure compliance with requirements imposed by GDPR and heynunchi.com's regulatory obligations
- Providing for the establishment of GDPR Policies that set forth, among other things, the technical, physical, and administrative safeguards designed to maintain the security, confidentiality, and privacy of personal data
- Setting forth the roles and responsibilities necessary for heynunchi.com to meet its obligations with respect to activities related to the processing of personal data in accordance with GDPR
Roles and Responsibilities
Policy Adoption
heynunchi.com shall, in cooperation with relevant stakeholders, develop and adopt necessary and appropriate GDPR Policies, which will include, among other things, technical, physical, and administrative safeguards designed to ensure the confidentiality, integrity, and privacy of personal data, and protect personal data against reasonably anticipated threats or hazards and unauthorized uses or disclosures. All relevant heynunchi.com stakeholders shall cooperate with heynunchi.com in the development and implementation of the GDPR Policies.
The heynunchi.com Information Security and Data Privacy Policy is a component of the GDPR Policies and implements controls which support GDPR compliance.
Responsible Person
Trista Van Tine, CEO, trista@heynunchi.com has been assigned responsibility for overall oversight of heynunchi.com's GDPR compliance program.
Data Protection Officer
The Data Protection Officer (DPO) shall have the responsibilities set forth in this Policy and GDPR Article 39. The DPO is tasked with daily and ongoing oversight and management of heynunchi.com's GDPR Compliance Program, which includes the following responsibilities:
- Monitoring heynunchi.com's internal compliance with GDPR
- Providing guidance at the earliest stage possible on all aspects of data protection
- Keeping heynunchi.com stakeholders apprised of changes to GDPR and other relevant laws and regulations
- Assisting the controller or processor in monitoring internal compliance with the Regulation, including:
  - Collecting information to identify processing activities
  - Analysing and checking the compliance of processing activities
  - Informing, advising and issuing recommendations to the controller or the processor
- Acting in an independent manner, and ensuring there is no conflict of interest in other roles or interests that the DPO may hold
- Maintaining inventories of all personal data stored on behalf of the data controller or processor
- Responding to security, privacy, and data access requests and complaints from data subjects
- Managing data security and critical business continuity issues that could impact personal data
- Providing guidance, as requested, to the data controller to complete a data protection impact assessment (“DPIA”)
- Providing guidance on responding to accidental or malicious activity that could impact personal data
- Cooperating with the supervisory authority as needed
- Acting as the contact point for the supervisory authority on issues relating to processing, and consulting, where appropriate, with regard to any other matter
The Data Protection Officer is: Trista Van Tine, CEO, trista@heynunchi.com
Implementation
Data Protection
All personal data requires a legal basis for processing, and will be accessible on a strict need-to-know basis. Personal data is to be kept confidential and must be protected and safeguarded from unauthorized access, modification and disclosure.
- Storage and Transmission: Personal data must be encrypted, with strong cryptography, whenever stored on or transmitted by heynunchi.com systems
- Disposal: Paper records must be securely shredded prior to disposal. Electronic media must be securely wiped, sanitized or physically destroyed prior to disposal or reuse
- Awareness Training: Relevant personnel will receive appropriate training on their information security and data privacy responsibilities with regard to GDPR and the handling of personal data as well as the Data Subject Access Request (DSAR) procedure
- heynunchi.com will not transmit EU or UK PII to any third party or vendor until an appropriate Data Protection Addendum has been fully executed by heynunchi.com and the third party.
Breach Notification
Notification of any reportable unauthorized use or disclosure of personal data will be sent to affected parties in accordance with the GDPR notification requirements.
Data Subject Access Requests (DSAR/SAR)
Subject to applicable exceptions, to the extent required by applicable laws, heynunchi.com will comply with any SAR concerning the following rights of the data subject.
Compelled Disclosure
Upon receipt of legal demands for information, heynunchi.com will notify counsel and the Data Protection Officer. heynunchi.com will investigate the demands, and if it is determined at heynunchi.com's sole discretion that they are valid, we will search for and disclose the information that is specified and that we are reasonably able to locate and provide. We are unable to process overly broad or vague demands, and we will not disclose information that is not specifically demanded, except in response to follow-up demands.
heynunchi.com may contact customers if we are compelled to disclose their information pursuant to valid legal demands for such information, but we are not required to do so, and in some instances, we may be legally prohibited from doing so.
All external communications with customers, regulators and law enforcement shall be approved by heynunchi.com.
Enforcement
The CEO is responsible for the enforcement of this policy.
Employees who may have questions should contact the CEO as appropriate.
Disciplinary Action
Failure to comply with any provision of this policy may result in disciplinary action, including, but not limited to, termination.
Reporting
All suspected violations or potential violations of this policy, no matter how seemingly insignificant, must be reported to the CEO immediately.
As long as a report is made honestly and in good faith, heynunchi.com will take no adverse action against any person based on the making of such a report. Failure to report known or suspected wrongdoing of which you have knowledge may subject you to disciplinary action up to and including termination of employment.