GDPR Compliance

How Siticone UI handles data protection and privacy in accordance with the General Data Protection Regulation. If you have any questions, feel free to contact us.

Last Updated: Tuesday, April 1, 2025

GDPR Compliance at Siticone UI

At Siticone UI, we are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This document outlines how our UI components and related services handle personal data, the measures we take to ensure data protection, and how we help our customers meet their GDPR obligations when using our products.

Data Processing Principles

Core Principles

Siticone UI adheres to the following GDPR principles in all our data processing activities:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently. Our Privacy Policy clearly explains what data we collect and how we use it.
  • Purpose Limitation: We collect personal data only for specified, explicit, and legitimate purposes, and do not process it in ways incompatible with those purposes.
  • Data Minimization: Our UI components are designed with data minimization in mind, collecting and processing only what is necessary for their functionality.
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date, with measures to rectify or delete inaccurate data.
  • Storage Limitation: We store personal data only for as long as necessary for the purposes for which it was collected.
  • Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security of personal data, protecting against unauthorized or unlawful processing and accidental loss or damage.
  • Accountability: We take responsibility for demonstrating compliance with these principles through documented policies, procedures, and practices.

Our UI components are designed with "Privacy by Design" principles, ensuring that privacy considerations are built into our products from the ground up, not added as an afterthought.

User Rights Under GDPR

Your Rights

Under the GDPR, individuals whose personal data we process have the following rights:

  • Right to Access: You can request copies of your personal data that we process, along with information about how we use it.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure: In certain circumstances, you can request that we delete your personal data (also known as the "right to be forgotten").
  • Right to Restrict Processing: In certain circumstances, you can request that we limit how we use your personal data.
  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format for transfer to another provider.
  • Right to Object: You can object to our processing of your personal data in certain circumstances, particularly related to direct marketing or processing based on legitimate interests.
  • Rights Regarding Automated Decision Making: You have rights regarding automated decision-making, including profiling, which produces legal or similarly significant effects.

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided in the "Contact Our DPO" section. We will respond to all legitimate requests within one month.

Data Processing in Siticone UI

It's important to understand how our UI components handle personal data and what practices we've implemented to ensure GDPR compliance:

Data Collection:

  • Our UI components themselves process data locally on the client device and do not automatically transmit data to our servers.
  • For licensing and activation purposes, we collect minimal data such as license keys and basic system information.
  • When you contact us for support, we collect the necessary contact information to provide assistance.
  • If you opt into our analytics program, we collect anonymized usage data to improve our products.

Controller vs. Processor Role:

  • When you use Siticone UI components in your applications, we act as a data processor for any personal data processed through our components.
  • You (or your organization) remain the data controller responsible for determining the purposes and means of processing personal data collected through your applications that use our components.
  • As a processor, we only process personal data according to your instructions as outlined in our license agreement and data processing agreements (where applicable).

Lawful Basis for Processing:

  • We process personal data based on legitimate interests for product improvement and service delivery.
  • Where applicable, we obtain explicit consent for specific processing activities.
  • We process personal data where necessary for the performance of our contract with you (license agreement).
  • We process personal data where necessary to comply with legal obligations.

By default, our UI components do not send any data to external servers during runtime. Any form data collected through our UI components remains on the client side unless your application code explicitly configures data transmission.

Security Measures

Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: Our UI components support AES-256 encryption for sensitive data handling to protect user-generated content.
  • Data Integrity: We use SHA-512 hashing to ensure data integrity across all components.
  • Access Controls: Implementation of strict access controls with role-based permissions for our systems and services.
  • Network Security: Secure transmission protocols (TLS/SSL) for any data that needs to be transmitted between systems.
  • Secure Development: We follow secure development practices, including regular code reviews and penetration testing.
  • Input Validation: Our components implement robust input validation to prevent injection attacks.
  • Regular Audits: We conduct regular security audits and vulnerability assessments on our components and infrastructure.
  • Employee Training: Regular GDPR and security awareness training for all staff members.

We also provide detailed documentation on how to implement our components securely in your applications, including best practices for handling user data that may be processed through our UI elements.

Data Breach Procedures

In the unlikely event of a data breach affecting personal data, we have established the following procedures:

  • Detection and Assessment: We maintain systems to detect potential breaches and have a dedicated team to assess the nature, scope, and impact of any confirmed breach.
  • Containment and Recovery: Immediate steps to contain the breach and recover affected systems or data.
  • Risk Assessment: Evaluation of the risks associated with the breach, including potential harm to data subjects.
  • Notification to Supervisory Authority: Where required, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
  • Notification to Data Controllers: As a processor, we will notify our customers (the data controllers) without undue delay after becoming aware of a personal data breach.
  • Communication to Data Subjects: Where appropriate, we will assist data controllers in communicating high-risk breaches to affected individuals.
  • Documentation: All breaches, regardless of severity, are documented internally, including facts, effects, and remedial actions taken.

We recognize the critical importance of timely breach notification and have established clear internal reporting lines to ensure our compliance with GDPR requirements.

Contact Our Data Protection Officer

If you have any questions about our GDPR compliance, wish to exercise your data subject rights, or need assistance with GDPR-related matters when using our products, please contact our Data Protection Officer:

For general inquiries or support requests, please use our regular Contacts.

We are committed to responding to all legitimate data protection inquiries within one month, as required by the GDPR. For complex requests, this period may be extended by up to two additional months, in which case we will inform you of the extension and the reasons for it.

Frequently Asked Questions

Q: Does using Siticone UI components in my application make me compliant with GDPR?

A: While our components are designed with GDPR compliance in mind, using them alone does not make your application fully GDPR compliant. As the data controller, you are responsible for ensuring that your overall application and data handling practices comply with GDPR requirements.

Q: Do Siticone UI components automatically send user data to your servers?

A: No, our UI components process data locally by default and do not automatically transmit data to our servers. Any data transmission would need to be explicitly configured by your application code. The only exception is during design time when registering and de-registering Trial Periods and Premium Licenses.

Q: Do I need a Data Processing Agreement (DPA) with Siticone UI?

A: If you use our cloud-based services or if our support team might access personal data during troubleshooting, a DPA may be appropriate. Contact our DPO to request our standard DPA or to discuss specific requirements.

Q: How does Siticone UI help with implementing the right to be forgotten?

A: Our components include methods to clear and remove user data when necessary. We provide documentation on implementing data deletion functionalities to help you fulfill right to erasure requests.

Q: Do Siticone UI components use cookies or similar technologies?

A: Some of our components may use local storage or session storage for functionality, but we do not implement third-party tracking cookies. All client-side storage is transparent and configurable. Documentation is provided on how to integrate with consent management solutions.

Q: How can I ensure that data collected through Siticone UI forms is properly protected?

A: We provide encryption options for sensitive form data and documentation on secure implementation patterns. However, you will need to ensure that your backend systems and data storage practices also meet GDPR security requirements.