Privacy & Data Protection

Customer-facing privacy policy covering data collection, use, sharing, and individual rights. CCPA requires annual review and update.

Employee-facing policy defining how personal data is handled internally, including HR data, customer data access, and privacy responsibilities.

Detailed cookie policy with consent management framework. Includes cookie categories, purposes, retention periods, and opt-out mechanisms.

Complete procedures for handling Data Subject Access Requests including intake, verification, data gathering, response templates, and timeline tracking (30/45 days).

Specific procedures for handling deletion requests, including scope determination, backup handling, vendor notification, and exception documentation.

Procedures for providing personal data in machine-readable format, including export specifications, transfer mechanisms, and format standards.

GDPR Article 28 compliant DPA for use with vendors processing personal data. Includes standard contractual clauses, sub-processor requirements, and audit rights.

EU Commission approved SCCs for international data transfers (2021 version). Includes all four modules with implementation guidance and TIA template.

Assessment template for evaluating international data transfers post-Schrems II. Documents legal basis, supplementary measures, and third-country law analysis.

Article 30 compliant register documenting all processing activities including purposes, categories, recipients, transfers, retention, and security measures.

Comprehensive template for assessing privacy risks of new processing activities. Includes necessity/proportionality assessment, risk evaluation, and mitigation measures.

Comprehensive data retention schedule defining retention periods by data type, legal basis, and destruction procedures. Includes regulatory requirement mappings.