Effective Date: April 3, 2024
Under the GDPR, Compose adheres to the following principles when processing personal data:
Lawfulness, Fairness, and Transparency: Processing is lawful, fair, and transparent to the data subject.
To provide further clarity, here are the rights afforded to individuals under the GDPR and the means to exercise them:
To exercise any of these rights, please contact us at [Insert Contact Details]. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Our Data Protection Officer oversees compliance with the GDPR. For any questions related to the processing of your personal data, exercising your rights under the GDPR, or for more information, please contact our DPO at [Insert DPO Contact Information].
Compose ensures that when personal data is transferred outside the EU, it remains protected and transferred in a manner consistent with legal requirements. Detailed information on the mechanisms in place for such transfers is available upon request.
In compliance with the GDPR, Compose has implemented robust breach detection, investigation, and reporting procedures. We are committed to notifying the relevant supervisory authority of any data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. When the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to the affected data subjects without undue delay.
Compose engages with various third-party service providers and partners who act as data processors on our behalf. These processors are only permitted to process personal data in accordance with our documented instructions, under a binding contractual agreement that ensures the confidentiality, integrity, and availability of personal data. We conduct due diligence on all our data processors to ensure their compliance with the GDPR and other relevant data protection laws.
For any new projects or technologies that are likely to result in a high risk to the privacy rights of individuals, Compose conducts Data Protection Impact Assessments. These assessments help identify and minimize the data protection risks of a project. DPIAs include a systematic description of the envisaged processing operations, an assessment of the necessity and proportionality of the processing in relation to the purposes, an assessment of the risks to the rights and freedoms of data subjects, and the measures to address these risks.
Compose does not use personal data for automated decision-making or profiling that produces legal effects concerning data subjects or similarly significantly affects them. If these practices are adopted in the future, affected individuals will be provided with information about the logic involved, as well as the significance and the envisaged consequences of such processing for them. Individuals will also be afforded rights to obtain human intervention, express their point of view, and contest the decision.
We will update our Privacy Policy to reflect changes in our data processing practices or in response to legal requirements. When we make significant changes, we will notify you through our platform or other means, such as email, and will also indicate the date the last changes were published on our Privacy Policy.
If you have any concerns or complaints about how we process your personal data, we kindly ask you to contact us. However, you have the right to lodge a complaint directly with the supervisory authority in your country.
If you have any questions about this GDPR Compliance section, our data protection practices, or your dealings with Compose, please contact our Data Protection Officer at: