General Data Protection Regulation & ANCORED's Commitment

Introduction

The EU General Data Protection Regulation (“GDPR”) came into force on 25th May 2018
and brought with it the most significant changes to EU data protection law in two decades.
The regulation harmonizes and establishes a minimum standard of data protection across the
European Union.

In essence, GDPR codifies the fundamental rights and freedoms of natural persons in the
protection and processing of their personal data. Correspondingly, it requires data controllers
and data processors implement appropriate security measures and safeguards for personal
data processing. Expressly contemplating data processing in the digital age, GDPR provides
individuals with greater transparency and control over the processing of their personal data.

Our Commitment

At ANCORED, we are committed to ensuring the security and protection of the personal
information that we process. We are committed to ongoing review and vigilance of all
matters within the scope of GDPR so that a process of continual assessment, risk
management and improvement is embedded in our organisation.

Our GDPR preparations have included a comprehensive review of relevant internal
processes, procedures and documentation. Additionally, we have and continue to actively
develop and implement data protection policies, procedures, controls and security measures
for GDPR compliance.

Policies & Procedures

ANCORED has and continues to develop data protection policies and procedures addressing
the requirements and standards of the GDPR including:

Data Protection

Our main policy for data protection has been overhauled to meet GDPR requirements. We
have and continue to develop accountability and governance measures (including privacy by
design) to raise awareness of and promote compliance with our data protection obligations
and responsibilities.

Data Retention

We have and continue to update our retention policies and schedules in consideration of ‘data
minimization’ and ‘storage limitation’ principles.

Data Breaches

We have and continue to develop safeguards and security measure for identifying, assessing,
investigating and reporting personal data breaches with our partners.

International Data Transfers

To the extent that ANCORED transfers personal information outside the EU/EEA, we have
and continue to develop our policies and procedures for securing and maintaining the
integrity of the data. When such data transfers involve external recipients, we request
recipients verify that they have appropriate safeguards to protect the personal information and
to comply with the data subject rights and requests.

Data Subject Requests

For requesting personal data correction, restricted processing, erasure as well as submitting
data processing objections please email and we will get back to you
within 48 hours.

Privacy Notice

Where applicable, we issue privacy notices informing individuals of the details surrounding
the data processing activity and their rights and freedoms pursuant to GDPR.

Data Processor Agreements

Where applicable, we enter into data processing agreements.