General Data Protection Regulation (GDPR) Policy

Carrma is committed to protecting the privacy and personal data of our customers, and we take our obligations under the General Data Protection Regulation (GDPR) seriously. This policy outlines how we ensure compliance with GDPR in the collection, processing, storage, and retention of personal data.

Scope and Application

This policy applies to all personal data processed by Carrma in the course of our business activities, whether collected from individuals or obtained from other sources.

Principles of GDPR

We adhere to the following GDPR principles in the collection and processing of personal data:

Collection and Processing of Personal Data

Carrma collects and processes personal data for the following purposes:

Security of Personal Data

Carrma takes appropriate technical and organizational measures to ensure the security of personal data. We use secure servers, encrypted communication, and access controls to protect personal data from unauthorized access, alteration, or disclosure.

Disclosure of Personal Data

Carrma may disclose personal data to third parties in the following circumstances:

Rights of Data Subjects

Individuals have the following rights with respect to their personal data processed by Carrma:

Carrma will respond promptly and appropriately to any request from an individual to exercise these rights.

Retention of Personal Data

Carrma retains personal data for as long as necessary to fulfill the purposes for which it was collected and as required by law.

Changes to this Policy

We reserve the right to amend this policy at any time. We encourage individuals to review this policy periodically to stay informed about how we are protecting their personal data.

Contact Information

If you have any questions or concerns about this policy or our privacy practices, please contact us at