1. Introduction

At Coda, we are committed to ensuring the protection of personal data and compliance with the General Data Protection Regulation (GDPR). Our GDPR Compliance Statement outlines our practices and measures designed to safeguard your data and uphold data protection principles.

2. Data Protection Principles

We adhere to the following data protection principles established by GDPR:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently. We clearly inform our users about the use, processing, and disclosure of their personal data.

• Purpose Limitation: We collect and process personal data solely for specified, explicit, and legitimate purposes as outlined in our Privacy Policy.

• Data Minimisation: We ensure that the personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

• Accuracy: We take every reasonable step to ensure that personal data is accurate and, where necessary, kept up to date.

• Storage Limitation: We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

• Integrity and Confidentiality: We handle personal data securely by using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

3. Rights of Data Subjects

We provide the following rights to our users in respect to their personal data:

• Right to Access: You have the right to access your personal data and to request information about how we process it.

• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.

• Right to Erasure (Right to be Forgotten): You have the right to request the deletion or removal of your personal data when there is no compelling reason for its continued processing.

• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.

• Right to Data Portability: You have the right to request the transfer of your personal data to another organisation, or directly to you, under certain conditions.

• Right to Object: You have the right to object to the processing of your personal data under certain conditions, including for direct marketing purposes.

4. Consent

We rely on consent as a legal basis for processing personal data. Consent is obtained in a freely given, specific, informed, and unambiguous manner via a clear affirmative action.

5. Data Breaches

In the unlikely event of a data breach, we are committed to notifying the relevant supervisory authority within 72 hours, where feasible, and to communicating any adverse effects of the breach to the affected individuals without undue delay.

6. Commitment to GDPR Compliance

Coda is fully committed to compliance with GDPR and to the protection of the personal data we process. We regularly review our practices to ensure they meet the standards set by GDPR.