Meet our team
Solutions
Contact
The General Data Protection Regulation ("GDPR") is a regulation in EU law (2016/679) on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
Saga Capital takes data privacy very seriously. We ensure that every project we help to build is GDPR compliant and we develop always with data protection on our mind.
Every project that requires storing personal data is preceded by data protection impact assessment (DPIA). A DPIA is an audit of client’s and Saga’s own processes and procedures that measures how these processes affect or might compromise the privacy of the individuals whose data is stored, collected or processed. We ensure compliance with applicable legal, regulatory and policy requirements regarding privacy, determine the risks, and evaluate protections and alternative processes to mitigate potential privacy dangers.
We make sure to receive customers consent before processing or storing their data. This request is always laid out in plain, straightforward language and clearly explains
how the customer’s data will be used and for how long it will be stored.
At any given time our customers have the right to withdraw consent, view and update their data or
request data to be deleted, and we act upon the request as quickly as possible.
Every customer whose data we process has the right to current information about methods processing its data, processing scope, transferring its data to third parties, the purposes for which their personal data or functions are used such as automatic data profiling. To meet the requirements posed by GDPR, we provide this information when acquiring personal data, and also later at the customer's request, allowing full control over data processing.
We support the personal data minimalization principle, which requires us to only use and keep the personal data that is needed at any given time for any given purpose. If it’s not needed for that intended purpose and duration, we delete or process it through pseudonymization procedure. Pseudonymization is a process that transforms personal data in such a way that in the result the data can not be attributed to a specific subject without the use of additional information.
Despite all of preparations, data breaches will remain a substantial risk to the privacy and trust of our customers. We develop technology and processes that will allow us to detect and address such breaches within maximum 72 hours timeframe. We constantly overhaul internal data security policies and train our employees to minimize this risk and ensure there is a proper response plan to data breach threats.
To provide best data storage security we use Amazon Web Services that are 100% GDPR compliant with data encryption (AES256), Multi-Factor-Authentication, access keys, geo-restrictions and real-time monitoring and audits. To get more information about AWS GDPR compliance visit https://aws.amazon.com/compliance/gdpr-center/.
Grabiszyńska 214/7
53-235 Wrocław, Poland