Collaborate.to's commitment to GDPR
Collaborate.to is committed to our customers’ data protection and compliance. We make sure that we do not collect any personal data beyond what is required for the better functioning of the website, all while protecting your customers’ personal data. We’ve made a lot of changes to how we handle processes related to data security.
What is GDPR?
GDPR, or the General Data Protection Regulation, is an EU-wide privacy law that came into effect in May 2018. It regulates how companies protect EU residents’ data and enhances control over EU personal data.
The GDPR is designed for any globally operating company, not only for EU-based businesses and residents. We work to protect our customers’ data as effectively as possible, irrespective of where they reside.
What is personal data?
Personal data is any data that relates to an individual. The law covers a wide spectrum of information that can be used to identify a person. Personal data does not mean only a person’s name or email ID; it also includes genetic data, IP address, physical address, and ethnicity.
The Framework of GDPR Compliance
1. Collection of personal data
The GDPR calls for identifying and documenting all personal data collected from EU data subjects. We categorize and map the types of personal data that are collected for better identification.
All collected data is managed only for the purpose for which it was collected. We also remove or delete the personal data of accounts that are no longer active.
3. Data Protection Impact Assessment
Data protection impact assessments (DPIAs) are for identifying, assessing, or minimizing privacy risks in data processing activities.
4. Legal basis for processing data
Collaborate.to uses consent, legitimate interest, and contracts as the legal bases for processing the personal information we’ve collected.
Collaborate.to has its own internal process for how we respond to and resolve queries related to individual rights. These cover all the customer rights, which include the right to information, right to rectification, right to access, right to erasure, right to restrict processing, right to data portability, and right to object to decision-making, including profiling.
We have also designed a Data Processing Agreement (DPA) to allow our clients to have GDPR-compliant sites themselves. This document clearly states how we protect our customers’ data without violating any law.
7. Processing of Personal Data outside of the EU
As per the GDPR, the EU does not allow the transfer of any customer data unless an adequate mechanism is in place to ensure the security of the personal data.
8. Website Update
GDPR compliance is a continuous process of safeguarding everyone’s data. We make sure that we do not violate any of the rules set forth by the GDPR, and we keep a regular eye on GDPR law. If you require any information about our GDPR compliance, get in touch with us.
Individuals’ privacy rights and consent
Data subject rights
Our tools and application help customers meet their obligations under the GDPR right to be forgotten by making it easy to delete personal data from our database.
Inactive end users may also request deletion of their personal data by initiating an account deletion request from their Collaborate.to profile.
What is GDPR?
Where does the GDPR apply?
This law is applicable to any organization that deals with personal data. It doesn't matter where your organization is located: if your organization deals with the personal data of data subjects in the EU, you are under the jurisdiction of the law.
What does Data Protection Officer (DPO) mean and does my business need one?
The DPO is responsible for informing employees and conducting the monitoring, training, and audits required by the GDPR. Appointing a DPO is important in the cases given below, if you:
process huge amounts of personal data
carry out large scale systematic monitoring of individuals
are a public sector authority.
Does the GDPR require EU data to stay in the EU?
No, there is no such rule or regulation in practice. The GDPR does not require EU personal data to stay in the EU, nor are there any restrictions on the transfer of personal data outside the EU. Data transfers from the EU can be legitimized in multiple ways:
EU-US Privacy Shield
Model or contractual clauses
What are the lawful ways the data controller can use to process customer data?
The data controller can choose from the six data processing bases given below:
This applies when you process personal data to fulfill your contractual obligations or to take action based on the customer's request.
Consent of the data subject means any freely given, specific, informed indication of the data subject's wishes, by a statement or by clear affirmative action, related to personal data processing.
This particularly applies when you have to comply with an obligation under any applicable law, e.g., providing information in response to a valid request.
This applies to urgent matters of life and death, especially related to health data.
This is applicable to the activities of public authorities.
This applies in the case of commercial interests. The controller should document and record all decisions made on the basis of legitimate interests.
What does GDPR mean by “data protection by design and by default”?
Data protection by default means businesses need to implement appropriate measures to mitigate privacy risks when collecting data and to extend those measures to processing it.
Data protection by design means ensuring that only the personal data which is required is collected, and incorporating privacy features and functionality into products from the time their design starts.