What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
We have taken steps to ensure that we will be compliant with the GDPR by May 25, 2018.
We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
Managing and Disabling Cookies
As you may already have cookies installed, we provide the following information as a service. Above all, consult the privacy and help documentation of your specific browser’s website. If you use more Devices and/or browsers you will need to disable cookies on each Device and on each browser separately. Here are the locations of the cookie settings for all major web browsers
- • Opera - Preferences > Privacy and Security > Cookies > All cookies and Site Data
- • Mozilla Firefox – Tools > Options > Privacy menu.
- • Safari Users – Edit > Preferences > Privacy menu.
- • Chrome Users – Settings > Content Settings > Privacy > Cookies.
- • Internet Explorer – Tools > Internet Options > Privacy tab.
If you limit the ability of websites to set cookies that they issue, this may prevent you from using certain features properly and your user experience – which will no longer be personalised for you – may deteriorate. You may disable cookies issued by third parties; this may prevent you from using certain services of the Website (like shared login procedures, for example).
Right to Restriction of Processing
Restriction of processing means holding data, but not using it.
This can apply where:
- you contest the accuracy of the personal data;
- processing is unlawful but you do not want it erased;
- you require it for the establishment, exercise or defence of legal claims; or
- you have objected to the processing and verification as to our overriding legitimate grounds is pending.
Right of Access
You can request a copy of the personal data we hold about you.
Right to Data Portability
You have a right to receive personal data you have originally provided in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller, where:
• processing is based on your consent or on the performance of a contract with you.
Right to Object
The right to object ot processing your personal data is based on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests and you have a right to request information on the balancing test we have carried out.
You have the right to object where we are processing your personal data for direct marketing purposes.
Automated Decision-Making
You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
- • necessary for entering into a contract, or for performing a contract with you;
- • based on your explicit consent – which you may withdraw at any time; or
- • is authorized by European Union law.
[Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.]
Right to Complain
You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you are unhappy with how we are processing your personal data.
We will respond to your request in writing, as soon as practicable and in any event not more than one month after receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. All requests should be addressed using the related form.
Right to Erasure (‘Right to be Forgotten’)
Unless processing is necessary to comply with a legal obligation or for establishment, exercise or defence of legal claims, you have the right to request that your personal data be deleted in certain circumstances including:
- the personal data are no longer needed for their original purpose;
- you withdraw your consent to consent-based data processing;
- you object to the processing where no overriding legitimate grounds justify us processing the personal data;
- personal data have been unlawfully processed; or
- to comply with a legal obligation.
We can continue to use your personal data:
- • where you have consented;
- • for the establishment, exercise or defence of legal claims;
- • to protect the rights of another; or
- • for reasons of important public interest.