Commitment to GDPR

WHAT IS GDPR?

The GDPR (General Data Protection Regulation) is one of the most important privacy and data protection laws adopted in the European Union. This regulation provides EU residents with greater transparency and control over their personal data and makes companies handling personal data accountable for their choices. The provisions of this regulation apply to all businesses in the world collecting and processing personal data of individuals, including EU residents.

MAIN REQUIREMENTS OF GDPR AND HOW WE COMPLY WITH THEM

1. TRANSPARENCY

Transparent processing means that companies must inform data subjects, in a clear and simple way, about the processing activities performed on their personal data.

What have we done?

To provide transparency, we have revised our Privacy Policy and made it clear and easy to understand, so that you can learn how we collect and process your personal data, what rights you have and other important details you may need to know.
In addition, we have prepared a Cookie Policy clearly describing which types of cookies we use and how you can change cookie settings.

2. LAWFULNESS

Lawful processing means that any processing of personal data should be based on a legitimate purpose.

What have we done?

We have reviewed all the activities in our company that involve the processing of personal data, the purposes of such processing and the relevant legal bases, and set them out in a table (please see our Privacy Policy).
With regard to our legitimate interests as a legal basis, we have balanced individuals' interests against our legitimate interests and became confident that individuals' interests do not override ours.
With regard to your consent as a legal basis, we have implemented a prominent and separate request for your consent to cookie placement and to the processing of the relevant information.

3. DATA MINIMIZATION

It means that companies are expected to limit processing, collect only the data that is necessary, and not keep personal data once the processing purpose is completed.

What have we done?

We have reviewed what information we collected about individuals, determined the purpose of this collection and cut unnecessary personal data, outlining all relevant categories of personal data and the purposes of their processing in our Privacy Policy.

4. DATA SECURITY

Companies should incorporate organizational and technical mechanisms to protect personal data, including at the stage of designing new systems and processes.

What have we done?

We have reviewed our security measures, improved them and prepared a brief guide for you describing our actions to protect our clients’ data.
In addition, our services build on the DigitalOcean platform’s compliance (https://www.digitalocean.com/security/compliance) and the AWS platform’s compliance (https://aws.amazon.com/compliance) with leading standards for privacy and information security.

5. DATA SUBJECT RIGHTS

Data subjects have been granted the right to ask the company what information it has about them and what the company does with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data.

What have we done?

We have offered our clients data portability and data management tools, including access to, correction of, and removal of your personal data, which you may easily exercise by contacting us.

6. DATA TRANSFER

It means that companies have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company to a third party (service providers, etc.).

What have we done?

We have reviewed all our service providers (subprocessors) that receive our clients’ personal data, checked their privacy policies and kept only GDPR-compliant service providers. Please see the list of our current subprocessors here.
With regard to our clients, we have prepared and published a Data Processing Agreement under which we guarantee to assist the client with the main issues arising in connection with GDPR and to ensure the security of all personal data we receive.

7. PERSONAL DATA BREACHES

The breach notification requirements oblige data controllers to notify affected individuals of a data breach if the breach is likely to result in a high risk to the rights and freedoms of the individual.

What have we done?

We have undertaken obligations to cooperate with our clients and take reasonable commercial steps to assist in the investigation, mitigation and remediation of each such personal data breach, including prompt notification of the relevant breaches. Please see our Data Processing Agreement.
In addition, we have prepared and implemented an internal Data Breach Policy.

IF YOU WANT TO KNOW MORE ABOUT GDPR, you may visit, among others, the following websites: