LONGDOWN
Longdown Vineyard (LV) GDPR Compliance Policy
1. Introduction
LV recognizes the importance of protecting the privacy and personal data of individuals. This policy outlines our commitment to compliance with the General Data Protection Regulation (GDPR) and sets forth the principles and guidelines that govern the processing of personal data within our organization.
2. Scope
This policy applies to all employees, contractors, and third parties who process personal data on behalf of LV.
3. Data Protection Officer (DPO)
LV has appointed a Data Protection Officer to oversee compliance with this policy and relevant data protection laws. Employees and other stakeholders can contact the DPO for any concerns or inquiries related to data protection.
4. Data Collection and Processing
4.1 Lawfulness, Fairness, and Transparency:
Personal data will only be processed lawfully, fairly, and transparently. Individuals will be informed about the purpose and legal basis of processing their data.
​
4.2 Purpose Limitation:
Personal data will only be collected for specified, explicit, and
legitimate purposes. Any further processing will be compatible with those purposes.
​
4.3 Data Minimization:
LV will only collect and process personal data that is necessary for the intended purpose. Unnecessary data will not be collected.
​
4.4 Accuracy:
LV will take reasonable steps to ensure the accuracy of personal data. Individuals have the right to request corrections to their data.
5. Data Subject Rights
5.1 Access:
Individuals have the right to access their personal data held by LV.
​
5.2 Rectification:
Individuals can request the correction of inaccurate or incomplete personal data.
​
5.3 Erasure:
Individuals have the right to request the deletion of their personal data under certain circumstances.
​
5.4 Data Portability:
Individuals can request the transfer of their personal data to another organization.
6. Security
LV is committed to ensuring the security of personal data. Security measures, including encryption, access controls, and regular security assessments, will be implemented to protect personal data from unauthorized access, disclosure, alteration, and destruction.
7. Data Breach Notification
In the event of a data breach, LV will promptly assess the situation, take necessary steps to mitigate the impact, and notify the relevant supervisory authority and affected individuals as required by GDPR.
8. Data Protection Impact Assessments (DPIAs)**
LV will conduct DPIAs for high-risk processing activities to identify and mitigate potential risks to individuals' privacy.
9. Training and Awareness
All employees will receive training on GDPR compliance, and awareness programs will be conducted regularly to ensure that employees understand their responsibilities regarding data protection.
10. Data Processing Records
LV will maintain records of processing activities as required by GDPR,
documenting the purposes, categories of data subjects, and other relevant details.
11. Review and Update
This policy will be reviewed and updated regularly to ensure continued compliance with GDPR and any relevant changes in data protection laws.
12. Enforcement
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contractual relationship. This GDPR Compliance Policy is effective as of 1/12/25 and is subject to review and update as needed.