GDPR Compliance Policy
Introduction
At Thru, we are committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
Data Processing
As a service provider, we act as a data processor for our clients, who are the data controllers. We process personal data strictly in accordance with our clients' instructions and the provisions of our Data Processing Agreements (DPAs).
Data Protection Principles
We adhere to the following GDPR principles when processing personal data:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
Data Subject Rights
We support our clients in fulfilling their obligations regarding data subject rights, such as the right to access, rectify, erase, restrict processing, object to processing, and data portability.
Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Encryption of personal data in transit and at rest
Access controls and authentication mechanisms
Regular security testing and audits
Incident response and breach notification procedures
Training and Awareness
All our employees receive regular GDPR training to ensure awareness and compliance with data protection practices.
Compliance Monitoring
We regularly monitor and review our GDPR compliance through internal audits and assessments.
Conclusion
For any GDPR-related inquiries or concerns, please contact our Data Protection Officer at secops@thruinc.com