Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it. We support the GDPR and will ensure all CH Consult cloud services comply with its provisions by May 25, 2018.
2 WHAT IS THE GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU. Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process. We have taken steps to ensure that we will be compliant with the GDPR by May 25, 2018.
3 WHO DOES THE GDPR APPLY TO?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
4 DOES THE GDPR APPLY TO AN INDIVIDUAL PERSON?
Yes, if the individual person is a customer of deltaconX AG and they are processing the personal data of EU individuals when using our products and services.
5 WHAT IS deltaconX AG’S ROLE UNDER GDPR?
We act as a data controller for the customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
6 WHAT HAVE WE DONE TO COMPLY WITH GDPR?
We have conducted an analysis of our operations to ensure we comply with the new requirements of the GDPR. We have reviewed our products and services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR. We can confirm we will be fully compliant with the GDPR by May 25, 2018.
7 WHAT PERSONAL DATA DO WE COLLECT AND STORE FROM CUSTOMERS?
We store data that customers have given us voluntarily via various communication channels like phone, email, mail, support tools, website visits, subscriptions or personal meetings for the purpose of requesting information, preparing contracts, providing services, support and assistance.
For example, in our role as data controller, we may collect and store contact information, such as name, email address, phone number, or physical address, when customers sign up for our products and services or seek support help. We also may collect other identifying information from our customers, such as IP address, SSH public keys or Oauth tokens for external services.
8 HOW DO WE HANDLE DELETE INSTRUCTIONS FROM CUSTOMERS?
Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may cease our products and services and request that all personal data we have collected and stored is deleted. Contact us via firstname.lastname@example.org for further instructions.