Privacy policy.

At Nakazzi & Co., we are committed to safeguarding the personal data of our clients, partners, and employees. This General Data Protection Policy outlines how we collect, process, store, and protect personal data in compliance with the latest laws and regulations, including the EU General Data Protection Regulation (GDPR) and Data Protection Act 2024.

1. Definitions

Personal Data: Any information that relates to an identified or identifiable individual, such as name, contact details, IP address, or financial information.

Processing: Any operation performed on personal data, including collection, storage, use, or deletion.

Data Controller: Nakazzi & Co., responsible for determining the purposes and means of processing personal data.

Data Processor: Any third party processing data on behalf of Nakazzi & Co.

2. Principles of Data Protection

We adhere to the following principles when processing personal data:

  1. Lawfulness, Fairness, and Transparency: Data will be processed lawfully, fairly, and transparently.

  2. Purpose Limitation: Data will only be collected for specified, explicit, and legitimate purposes.

  3. Data Minimization: Data collection will be limited to what is necessary for the intended purpose.

  4. Accuracy: Personal data will be kept accurate and up to date.

  5. Storage Limitation: Data will not be stored longer than necessary.

  6. Integrity and Confidentiality: Personal data will be processed securely to prevent unauthorized access, loss, or destruction.

3. Legal Basis for Data Processing

We only process personal data when at least one of the following applies:

  • Consent has been obtained.

  • Processing is necessary for the performance of a contract.

  • Compliance with a legal obligation.

  • Protection of vital interests.

  • Legitimate interests pursued by Nakazzi & Co. or a third party, unless overridden by the data subject’s rights.

4. Rights of Data Subjects

Data subjects have the following rights:

  • Right to Access: Obtain information about how their data is processed and request access to their personal data.

  • Right to Rectification: Request corrections to inaccurate or incomplete data.

  • Right to Erasure: Request deletion of their data under certain conditions (“Right to be Forgotten”).

  • Right to Restriction: Request restricted processing of their data in specific circumstances.

  • Right to Data Portability: Obtain a copy of their data in a structured, machine-readable format.

  • Right to Object: Object to the processing of their data, including for direct marketing.

  • Right to Withdraw Consent: Withdraw consent at any time.

Requests can be made via [insert contact method, e.g., email: privacy@nakazzico.com]. We will respond within the statutory timeframe (e.g., one month).

5. Data Collection and Usage

Nakazzi & Co. collects personal data through the following means:

  • Website forms (e.g., inquiries, service requests).

  • Contract agreements with authors and partners.

  • Marketing activities (e.g., newsletter sign-ups).

Personal data may be used for:

  • Providing services.

  • Managing contracts and business relationships.

  • Marketing communications (with prior consent).

  • Compliance with legal obligations.

6. Data Sharing

Personal data may be shared with:

  • Trusted third-party service providers (e.g., payment processors, IT support).

  • Regulatory authorities as required by law.

Third parties must adhere to our data protection standards and relevant regulations.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption and pseudonymization where applicable.

  • Secure servers and firewalls.

  • Regular staff training on data protection.

  • Regular audits and assessments.

8. Data Retention

Personal data will be retained only as long as necessary for:

  • The purposes for which it was collected.

  • Compliance with legal or regulatory requirements.

  • Legitimate business purposes.

9. Data Breaches

In the event of a data breach:

  • We will notify affected individuals and the relevant supervisory authority within 72 hours of becoming aware, where required.

  • Affected parties will receive information about the breach and steps to mitigate potential harm.

10. Updates to This Policy

We may update this policy to reflect changes in the law or our data practices. Substantial updates will be communicated via our website or direct communication.

11. Contact Information

For questions or concerns about this policy or to exercise your data rights, please contact:

Data Protection Officer
Nakazzi & Co.
Email: privacy@nakazzico.com

By using our website and services, you consent to the terms outlined in this Privacy Policy. Last updated: 13th December 2024.