Privacy Policy
At 1-Platform powered by Nuevezo, we prioritize your privacy and are committed to protecting your personal data. Our Privacy Policy outlines the measures we have implemented to comply with the requirements of ISO/IEC 27701, the international standard for Privacy Information Management Systems (PIMS), and other applicable privacy regulations, including GDPR.
Scope
This policy applies to all personal data collected, processed, and stored by 1-Platform, covering employees, clients, vendors, and third-party data, in line with ISO 27701 standards. It ensures compliance with our Privacy Information Management System (PIMS), extending our Information Security Management System (ISMS) as per ISO/IEC 27001.
Data Collection and Use
We collect personal data for specific, legitimate purposes, which may include:
- Personal Identification Information (e.g., names, addresses, contact details)
- Employment Information (for internal personnel)
- Customer Information (e.g., purchase history, service usage)
- Financial Information (e.g., payment details, transaction history)
The processing of personal data is based on legal grounds such as contractual necessity, legitimate interest, consent, or legal obligations.
Data Subject Rights
We respect your rights regarding your personal data. These rights include:
- Access: You can request access to your personal data.
- Correction: You can request corrections to inaccurate data.
- Erasure: Under certain conditions, you can request the deletion of your data.
- Restriction: You can ask us to restrict data processing in specific situations.
- Portability: You may request a copy of your data in a machine-readable format.
- Objection: You can object to data processing for specific purposes.
Data Retention
We retain personal data only for the duration necessary to fulfill the purposes for which it was collected or as required by law. Once the retention period has expired, the data will either be securely deleted or anonymized in accordance with ISO 27701 guidelines.
Security Measures
To protect your personal data, we implement technical and organizational measures in compliance with ISO/IEC 27001, ensuring data confidentiality, integrity, and availability. Regular audits and security reviews are conducted to ensure that all processes align with ISO 27701 standards.
Sharing Personal Data with Third Parties
Personal data may be shared with third parties, including service providers and regulatory authorities, under the following circumstances:
- To comply with legal obligations
- For operational purposes (e.g., outsourced services)
- With your explicit consent, where applicable.
We ensure that any third parties with whom we share data are compliant with relevant data protection regulations.
Amendments to this Privacy Policy
We may update this policy periodically to reflect changes in regulations or operational practices. Significant changes will be communicated to relevant stakeholders in a timely manner.