GDPR Compliance

At AIRE CRM, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.

However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR and the UK's Data Protection Act.

We adhere to the following data protection principles:

• Lawfulness, fairness, and transparency: Processing is lawful, fair, and transparent to the data subject.
• Purpose limitation: We only collect data for specified, explicit, and legitimate purposes.
• Data minimization: We only collect the minimum amount of personal data necessary.
• Accuracy: We keep personal data accurate and up to date.
• Storage limitation: We only store personal data for as long as necessary.
• Integrity and confidentiality: We process personal data securely.

Under GDPR, you have the following rights:

• Right to be informed: You have the right to be informed about the collection and use of your personal data.
• Right of access: You have the right to access your personal data and supplementary information.
• Right to rectification: You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
• Right to erasure: You have the right to have personal data erased (the "right to be forgotten ").
• Right to restrict processing: You have the right to request the restriction or suppression of your personal data.
• Right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
• Right to object: You have the right to object to the processing of your personal data in certain circumstances.
• Rights related to automated decision making including profiling: You have the right not to be subject to a decision based solely on automated processing.

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures
• Data protection impact assessments for high-risk processing
• Staff training on data protection and GDPR compliance
• Data minimization and pseudonymization where appropriate
• Regular reviews of our data collection, storage, and processing practices

Note: We will notify you of any data breaches that may affect your personal data within 72 hours of becoming aware of the breach.

We may transfer personal data to countries outside the European Economic Area (EEA). When we do, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data.

We only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

If you have any questions about this GDPR Compliance statement or our data protection practices, please contact our Data Protection Officer:

You also have the right to make a complaint at any time to your local data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.