The General Data Protection Regulation (GDPR) Policy
What is the GDPR?
The General Data Protection Regulation (GDPR) came into force on May 25th 2018 automatically applies to all 28 member states of the European Union, before its implementation. The misuse of a person's data was punishable relatively under “Data Protection Directive 1995”, known in the UK as the Data Protection Act 1998.
Why was the GDPR adopted?
Technology has dramatically since 1995. Over the last few years businesses have become more dependent on the web and new laws were needed to address the modern world of large-scale internet use and social media.
GDPR, which is an acronym for General Data Protection Regulation, was enacted by the European Parliament ('EP') to further strengthen data protection for people inside of the European Union ('EU').
The European Union's Regulation 2016/6791, the new General Data Protection Regulation, came into effect on May 25, 2018 in order to regulate the processing by an individual, a company or an organization of personal data relating to EU resident individuals in the EU.
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the 'Charter') and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provides that everyone has the right to the protection of personal data concerning him or her.
GDPR Compliance and Data Protection
The principle of accountability is a cornerstone of the GDPR. According to the GDPR, a business /organization is responsible for complying with all data protection principles and is also responsible for demonstrating compliance. The GDPR provides businesses/organizations with a set of tools to help demonstrate accountability, some of which have to be mandatorily put in place.
The legislation makes EU resident individuals' privacy rights stronger by limiting processing of their personal data, significantly expanding their rights over their data, and giving them greater visibility into the nature, purpose, and use of their data.
Under GDPR, organizations need to ensure they are compliant, or risk financial penalties.
GDPR compliance requires commitment from agency clients, as it does with other data protection laws. We are tracking the recommendations and guidance issued by regulatory authorities to assist us to develop tools appropriate for use of 3marketeers' services.
GDPR Scope
GDPR is in force for every organization that tracks EU resident behavior inside of the EU and that processes or uses the personal data of EU residents.
It grants broad individual rights pertaining to personal data, some of which include:
-
The right to be fully informed
-
The right to consent
-
The right to withdraw consent
-
The right to erasure of personal data
-
The right to be forgotten
-
The right to deletion of personal data
-
The right of access to personal data
-
The right to have incorrect personal data rectified
-
The right to object
-
The right to request data
Which Organizations are affected by the GDPR?
In general, any organization that collects, processes or stores personal information about EU citizens within the EU states must conform to the GDPR, no matter if they have an EU business presence or not.
Organizations that fall under the General Data Protection Regulation legislation:
-
An EU country presence
-
No EU presence, but processes the personal data of EU residents.
How We Comply With GDPR
We Demand Genesys PVT. LTD. is GDPR-ready. We bring all internal procedures lawfully in line with GDPR to design a communication framework so that our clients can communicate with customers and prospects with GDPR compliance in mind.
We process Eu citizens data in an organized form for B2B communications only under Article 7(2). All other uses of the data is restricted from our end. All of our marketing programs are strictly for business purposes only. Our sole aim is to connect with the ‘business’ and not with any individual while meeting data privacy obligations across the globe.
What information is being collected?
The information of EU citizens that is being collected from our end is strictly professional, we don’t collect any personal information about any individual without his/her consent under Article 7(1). We process Eu citizens data for B2B communications only. Our sole aim is to connect with the ‘business’ and not with any individual.
How we secure the data?
We understand the essence of the GDPR in valuing personal data and giving the control over personal data back to the citizens under Article (5). We don't keep data unnecessarily. We are conscious about the safety of the data that is being collected. The information that is being asked by our executives is stored in an organized database while performing the necessary precautions to keep it secure from hackers and viruses.
How will it be used?
We process Eu citizens data for B2b communication only. As data controllers we control, review, and aggregate the data of our customers, everything is implemented as currently intended in the GDPR under Article 24. We take it as a responsibility to keep records of user consent providing full control to the user of his/her information. The data subject or the individual has the right to withdraw their consent at any time and it has to be as easy to withdraw as to give consent Article 7(3). The information that has been collected that can be handover to them any time if they’d like to. (REGULATION (EU) 2016/679—(Recital 70))
Important GDPR Definitions & Articles
Personal Data
'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Controller
'Controller' means the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Remove me from all communications
To be removed from any Demand Genesys communications, please email us with your consent of unsubscription. We will confirm your details and remove you from further outreach.
References
Recital (70)
Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge. 2That right should be explicitly brought to the attention of the data subject and presented clearly and separately from any other information.
Article 7.1
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to the processing of his or her personal data.
Article 7.2
The request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
Article 7.3
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
(REGULATION (EU) 2016/679—(Recital 70))
"Where personal data is processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge. That right should be explicitly brought to the attention of the data subject and presented clearly and separately from any other information."
Article 24 "Responsibility of the controller"
Article 24.1
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
Internet Resources www.gdpr-info.eu
