General Data Protection Regulation

General Data Protection Regulation (GDPR)

Last updated June 18th, 2023

The General Data Protection Regulation (GDPR) is an EU legislation that aims to give the residents of the EU more control over their data. Under this regulation, organizations that handle data of EU residents will have to comply with data and privacy rules.

  1. What is the GDPR

The GDPR is a new data and privacy security legislation which was developed by the European Parliament and Council for the protection of data rights of the EU citizens. Companies (including websites, mobile, and desktop apps etc.) that do business transactions with EU citizens are going to be affected by this regulation.

On May 25, 2018, the GDPR replaced the existing data protection law i.e. the Data Protection Directive that has been in effect since 1998. One of the key aims and requirements of the GDPR is to keep EU citizens informed of how businesses collect, use, share, secure and process their personal data.

  1. Your Rights Under the GDPR.

 

Right to Access

The right to be provided with a copy of your personal information (the right of access)

Right to Rectification

The right to require us to correct any mistakes in your personal information

Right to be Forgotten

The right to require us to delete your personal information—in certain situations

Right to Restriction of Processing

The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data

Right to Data Portability

The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

Right to Object

The right to object:

¾   at any time to your personal information being processed for direct marketing (including profiling);

¾   in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.

Right Not to be Subject to Automated Individual Decision-Making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

 

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individual rights under the General Data Protection Regulation.

  1. Our Legal Basis for Processing Data

The GDPR requires us to give a legal basis for processing personal data of customers. There are 6 legal bases, which are as follows:

  1. The data subject has given consent to the processing
  2. Processing is necessary for performance of a contract between the two parties
  3. Processing is necessary for compliance with a legal obligation
  4. Processing is necessary to protect the data subject's vital interests
  5. Processing is necessary in order to protect a public interest or exercise official authority
  6. Processing is necessary for the purpose of legitimate interests, so long as fundamental rights and freedoms aren't infringed
  7. Data Controller and Contact Information

We are a US-based company which controls and processes authorized user's information of customers in the US.