This Policy on the General Data Protection Regulation (GDPR) applies only to those Users based in the European Union (EU) member states and the United Kingdom, or who are subject to EU law in relation to personal data we collect from them.
The GDPR is the new comprehensive EU legislation on the protection of personal data and its free movement, which came into effect on May 25, 2018. The law intends to create uniform data privacy and protection laws throughout the EU member states and clarify, strengthen and elevate the rights of EU citizens and residents in relation to protecting their personal information. The GDPR applies to us in relation to any offers of products and services we make to you and any personal data we collect from you.
The information that is protected by the GDPR is “personal” and “sensitive personal” data. Personal data includes information such as your name, mailing address, e-mail address, financial information, photos and videos and online identifiers such as IP address and cookies.
GDPR requires that we follow privacy principles outlined in Article 5 of the GDPR and comply with at least one of the personal data processing conditions (see Privacy Principles and Personal Data Processing Conditions, below).
We generally do not collect sensitive personal data, which includes, without limitation, information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and genetic, biometric and health data. If we did or do collect such data, the GDPR requires that we follow the privacy principles outlined in Article 9 of the GDPR and comply with at least one of the personal data processing conditions relevant to sensitive personal data.
The six (6) privacy principles we must comply with in relation to your personal data are: (i) the collection must be processed lawfully, fairly and in a transparent manner; (ii) collection of personal data must be for specific, explicit and legitimate purposes, and not further processed in a manner that is incompatible with those purposes; (iii) collected personal data must be minimised to that which is adequate and relevant for the purpose for which it is processed; (iv) collected personal data must be accurate, and where necessary, kept up to date; (v) the personal data collected must be kept only for as long as is necessary for the purpose for which the data collected are processed, and removed thereafter; and (vi) the personal data collected must be processed in a manner that ensures appropriate security of the personal data.
Personal Data Processing Conditions
Personal data processing under the GDPR must satisfy at least one of the following conditions: (i) your consent must be obtained; (ii) the personal data must be necessary for the performance of a contract to which you are a party or as a preparatory step prior to entering into the contract; (iii) the personal data processing is necessary for compliance with a legal obligation; (iv) the personal data processing is necessary to protect your vital interests or those of another person; (v) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; and (vi) processing is necessary for the purpose of legitimate interest pursued by us or a third party, except when such interests are overridden by your rights and freedoms.
As your personal data controller, we are required to conduct data privacy impact assessments, obtain appropriate consent from you (which consent you may withdraw at any time) before collecting your personal data, implement privacy by design (as explained below), and respect the eight (8) rights of users.
Data Privacy Impact Assessments
In order to continually safeguard the protection of your data, when necessary, as determined at our discretion, we will conduct data processing impact assessments to evaluate our data protection processes and systems with an outlook toward perpetual improvement.
Going forward, where we request (i) your personal data, such as your name, e-mail address or date of birth, afresh or for the first time, we shall request your clear, unambiguous affirmative consent beforehand, and (ii) your sensitive personal data afresh or for the first time, we shall request your explicit consent.
Privacy By Design
Your Data Rights
The eight (8) rights that you as the user have under the GDPR with regard to the collection of your personal information include the right (i) to receive transparent information about data processes; (ii) of access to one’s own personal data; (iii) of correction and amendment of personal data; (iv) to expunge personal data; (v) to curtail and restrict personal data processing; (vi) to use personal data for other purposes; (vii) to object to the processing of personal data; and (viii) in relation to protection of personal data from automation processes.
Data Processor Requirements Under the GDPR
We utilise the services of certain data processors such as Google Analytics. In some respects, we may be considered as acting as a data processor. The GDPR recognises the responsibility of data processors to maintain, secure and process collected personal data. Going forward, our data processors will be required to (i) keep and maintain written records for such data processing they carry out for us, (ii) put in place appropriate security measures in relation to the protection of your personal data, and (iii) notify us as soon as possible of any data breaches that occur, which information we are in turn required to pass on to you. To the extent that, at any time or from time to time, we may be considered to be acting as data processors, we shall endeavour to comply with this requirement.
If you have any questions regarding your personal data and the application of the GDPR, please contact us at [email protected] and we shall be happy to assist you.