What is GDPR?
The General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. In short: the GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organizations across the region approach data privacy.
Effective date: 25 Oct 2019, from which time organizations that are not in compliance may face heavy fines.
Here is a clear and easy-to-understand infographic published by the European Commission: https://ec.europa.eu/justice/smedataprotect/index_en.htm
What data can we process and under which conditions?
We also respect several key rules as required by GDPR, including:
Personal data must be processed in a lawful and transparent manner, ensuring fairness towards the individuals whose personal data we process (‘lawfulness, fairness and transparency’). To that end, every Customer can check all the data we process about them at any moment.
We collect and process only the personal data that is necessary to fulfil our purpose: offering you website/app analytics (‘data minimisation’).
We ensure that personal data is accurate and up to date by giving our customers the right to edit it at any moment (‘accuracy’).
We do not further use personal data for other purposes that are incompatible with the original purpose of collection.
We ensure that personal data is stored for no longer than is necessary for the purposes for which it was collected. Each Customer can reset their website/app data at any moment and delete their account; once these steps are done and confirmed, we no longer store the data (‘storage limitation’).
We have put in place appropriate technical and organisational safeguards that ensure the security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (‘integrity and confidentiality’). As part of this, we also follow the procedures and policies of the ISO/IEC 27000 family of standards, which help organizations keep information assets secure: this family of standards helps an organization manage the security of assets such as financial information, intellectual property, employee details and information entrusted to it by third parties.
What are my rights as a user?
You have the right to:
Information about the processing of your personal data;
Obtain access to the personal data held about you;
Ask for incorrect, inaccurate or incomplete personal data to be corrected;
Request that personal data be erased when it is no longer needed or if processing it is unlawful;
Object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
Request the restriction of the processing of your personal data in specific cases;
Receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
Request that decisions based on automated processing which concern you or significantly affect you, and which are based on your personal data, are made by natural persons and not only by computers. In this case you also have the right to express your point of view and to contest the decision.
To exercise your rights, contact us at firstname.lastname@example.org; we will respond to your requests without undue delay and normally within one month at the latest.
You may be asked to provide information to confirm your identity (such as clicking a verification link or entering a username or password) before you can exercise your rights.
These rights apply across the EU, regardless of where the data is processed and where the company is established. These rights also apply when you buy goods and services from non-EU companies operating in the EU.