ACE of BRUSSELS' Data Protection, Privacy and Data Retention Policies have been reviewed to ensure that they meet GDPR requirements. We have and continue to develop accountability and governance measures (including privacy by design) to raise awareness of and promote compliance with our data protection obligations and responsibilities. We have and continue to update our policies and schedules in consideration of 'data minimisation' and 'storage limitation' principles. We have and continue to develop safeguards and security measures for identifying, assessing, investigating and reporting personal data breaches. ACE of BRUSSELS is occasionally obliged to transfer personal information and we have and continue to develop our policies and procedures for securing and maintaining the integrity of the data. When such data transfers involve external recipients, we request that recipients verify that they have appropriate safeguards to protect the personal information and to comply with data subject rights and requests. Reviewed August 2022.