The GDPR (General Data Protection Regulation) is one of the most important privacy and data protection laws adopted in the European Union. This regulation gives EU residents greater transparency and control over their personal data and makes companies handling personal data accountable for their choices. The provisions of this regulation apply to all businesses in the world that collect and process personal data of individuals, including EU residents.
Transparent processing means that companies must inform data subjects about the processing activities on their personal data in a clear and simple way.
Lawful processing means that all and any processing of personal data should be based on a legitimate purpose.
With regard to legitimate interests as a legal basis, we have balanced individuals' interests against our legitimate interests and become confident that individuals' interests do not override ours.
With regard to your consent as a legal basis, we have implemented a prominent and separate request for your consent to the placement of cookies and the processing of the relevant information.
It means that companies are expected to limit the processing, collect only the data that is necessary, and not keep personal data once the processing purpose is completed.
Companies should incorporate organizational and technical mechanisms to protect personal data, including at the stage of designing new systems and processes.
We have reviewed our security measures, improved them, and prepared a brief guide for you describing our actions to protect our clients' data.
In addition, we built our services on DigitalOcean Platform’s compliance (https://www.digitalocean.com/security/compliance) and AWS Platform’s compliance (https://aws.amazon.com/compliance) with leading standards for privacy and information security.
Data subjects have been given the right to ask the company what information it has about them and what the company does with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data.
We have offered our clients data portability and data management tools, including access to, correction of, and removal of your personal data, which you may easily exercise by contacting us.
It means companies have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company, to a third party (service providers, etc.).
We have reviewed all our service providers (subprocessors) that receive our clients' personal data, checked their privacy policies, and kept only GDPR-compliant service providers. Please see the list of our current subprocessors here.
With regard to our clients, we have prepared and published a Data Processing Agreement under which we guarantee to assist the client with the main issues arising in connection with the GDPR and to ensure the security of all personal data we receive.
The breach notification requirements oblige data controllers to notify affected individuals of a data breach if the breach is likely to result in a high risk to the rights and freedoms of the individual.
We have undertaken obligations to cooperate with our clients and take reasonable commercial steps to assist in the investigation, mitigation and remediation of each such personal data breach, including prompt notification of the relevant breaches. Please see our Data Processing Agreement.
In addition, we have prepared and implemented an internal Data Breach Policy.
IF YOU WANT TO KNOW MORE ABOUT GDPR, you may visit, among others, the following websites: