GDPR

GDPR Compliance Policy

Effective Date: 1st Feb 2023

  1. Introduction

This GDPR Compliance Policy ("Policy") outlines the measures and practices of JKC800 T/A Driving King ("we," "us," or "our") to ensure compliance with the General Data Protection Regulation ("GDPR") when processing personal data of individuals located in the European Economic Area (EEA) and other regions with similar data protection laws. As a web-based company selling online courses and digital products worldwide, we are committed to protecting the privacy rights of our users. This Policy sets out how we handle personal data in accordance with the GDPR. By accessing or using our services, you consent to the practices described in this Policy.

  1. Data Controller and Data Protection Officer

a. Data Controller: JKC800 T/A Driving King is the data controller for the personal data we collect and process through our services.

b. Data Protection Officer: We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing our data protection activities. You can contact our DPO using the contact information provided below.

  1. Legal Basis for Processing

We process personal data for the following purposes, relying on the legal bases as specified in Article 6 of the GDPR:

a. Contractual Necessity: We process personal data that is necessary for the performance of a contract, such as processing payments and delivering the online courses and digital products you purchase.

b. Consent: We may rely on your explicit consent for specific processing activities, such as sending promotional emails or using cookies on our website.

c. Legitimate Interests: In certain cases, we may process personal data based on our legitimate interests, provided that such processing does not outweigh your rights and freedoms.

  1. Collection and Use of Personal Data

a. Personal Data: We collect and process personal data that is necessary for the provision of our services and the performance of our contractual obligations. This may include your name, email address, contact information, payment details, and any other information you voluntarily provide.

b. Purpose Limitation: We collect and process personal data only for specified and legitimate purposes as outlined in our Privacy Policy. We do not process personal data in a manner that is incompatible with those purposes.

c. Data Minimization: We limit the collection of personal data to what is necessary for the intended processing purposes and retain it only for as long as necessary to fulfill those purposes or as required by law.

  1. Data Transfers

a. International Transfers: As a global company, personal data may be transferred to and processed in countries outside of the EEA. When transferring personal data to such countries, we will implement appropriate safeguards, such as the use of standard contractual clauses or relying on adequacy decisions by the European Commission, to ensure an adequate level of data protection.

  1. Data Subject Rights

a. Access, Rectification, and Erasure: You have the right to access, rectify, or erase your personal data held by us. You may also have the right to restrict or object to certain processing activities.

b. Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

c. Automated Decision-Making: We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or significantly affects you.

  1. Data Security

a. Security Measures: We implement technical and organizational measures to ensure the security and confidentiality of personal data and protect it from unauthorized access, loss, alteration, or destruction. These measures are regularly reviewed and updated to align with industry best practices.

b. Data Breach Notification: In the event of a personal data breach, we have procedures in place to promptly assess and mitigate the risk to individuals' rights and freedoms. If required by applicable law, we will notify relevant supervisory authorities and affected individuals.

  1. Third-Party Service Providers

a. Data Processing Agreements: When engaging third-party service providers that process personal data on our behalf, we enter into data processing agreements that comply with the requirements of the GDPR.

b. Subprocessors: We maintain a list of subprocessors and regularly review their privacy practices to ensure they meet the same level of data protection as required by the GDPR.

  1. Compliance and Cooperation

We are committed to ensuring compliance with the GDPR and cooperate with supervisory authorities in the performance of their tasks. We maintain records of our data processing activities and conduct periodic assessments to ensure ongoing compliance.

  1. Contact Us

If you have any questions, concerns, or requests regarding this Policy or our data protection practices, including exercising your rights as a data subject, please contact our Data Protection Officer at info@drivingking.co

By using our services, you acknowledge that you have read, understood, and agreed to comply with this GDPR Compliance Policy.