Privacy Policy

Goal of the Data Protection Policy

Preamble

Helping Cards produces educational card games designed to engage children with household chores and, more importantly, strengthen family bonds. Our goal is to help children become more resilient, self-reliant, and capable of growing into healthy, happy, fulfilled adults who respect themselves and others.

Similarly, our Data Protection Policy is designed to safeguard both you and the information we obtain about you through our website.

Security Policy and Responsibilities in the Company

  • Data Protection Goals:
    • In addition to existing corporate objectives, the highest data protection goals must be defined and documented.
    • These goals are based on data protection principles and must be tailored to the specific needs of each company.
  • Roles and Responsibilities:
    • Representatives of the company
    • Operational Data Protection Officers
    • Coordinators or Data Protection Team
    • Operational Managers
  • Commitment to Continuous Improvement:
    • The company commits to the continuous enhancement of its Data Protection Management System (DPMS).
  • Employee Training & Awareness:
    • Employees must be trained, sensitized, and obligated to adhere to data protection policies.

Legal Framework in the Company

  • Industry-Specific Legal or Conduct Regulations for handling personal data.
  • Requirements of Internal and External Parties regarding data protection compliance.
  • Applicable Laws, including any relevant local regulations.

Documentation

  • Internal and External Inspections must be conducted to ensure compliance.
  • Data Protection Needs Assessment:
    • Determines protection requirements concerning confidentiality, integrity, and availability of data.

Existing Technical and Organizational Measures (TOM)

Appropriate technical and organizational measures (TOMs) must be implemented and substantiated, taking into account:

  • The purpose of data processing
  • The state of technology
  • Implementation costs

Implemented TOMs Based on Art. 32 GDPR

1. Pseudonymization & Encryption

  • Pseudonymization (Art. 32 (1) (a) GDPR; Art. 25 (1) GDPR)
  • Encryption (Art. 32 (1) (a) GDPR)

2. Confidentiality (Art. 32 (1) (b) GDPR)

  • Access Control
  • Entry Control
  • Authorization Control
  • Separation Control

3. Integrity (Art. 32 (1) (b) GDPR)

  • Transfer Control
  • Input Control

4. Availability & Resilience (Art. 32 (1) (b) GDPR)

  • Availability Control
  • Resilience Control

5. Recoverability (Art. 32 (1) (c) GDPR)

6. Procedures for Regular Review, Assessment, and Evaluation (Art. 32 (1) (d) GDPR; Art. 25 (1) GDPR)

  • Data Protection Management System
  • Incident Response Management System
  • Data Protection by Design and Default
  • Order Control

Version Information

Template: Data Protection Policy | Version: 2.2 | Updated: 25 January 2024
