What are the actions that CircleHD is taking to comply with GDPR?
CircleHD is dedicated to meeting all GDPR requirements and is committed to protecting the privacy of our app users and our website and blog visitors.
Our checklist for GDPR compliance before the regulation comes into effect:
| Task | Status |
|---|---|
| Familiarize ourselves with the full text of the regulation. | COMPLETED |
| Refer to legal communities that cover GDPR-related topics. | COMPLETED |
| Nominate a Data Protection Specialist: we've nominated our Chief Information Officer for the role. Email: email@example.com | COMPLETED |
| Make a list of all the in-app areas that need to be managed and organized to comply with the regulation. | COMPLETED |
| Make a list of all the areas on the website and blog that need to be updated to bring them in line with the regulation. | COMPLETED |
| Execute changes on the website and blog to make sure they are in line with the GDPR rules. | COMPLETED |
| Implement pseudonymization to protect user data that does not need to be kept in its original form. | COMPLETED |
| Ensure protection of the personal data of CircleHD users. | COMPLETED |
| Create a standard Data Breach Response plan. | COMPLETED |
Role of CircleHD in data protection?
CircleHD is defined as:
1) data administrator in relation to CircleHD users and businesses;
2) data processor in relation to the data owners whose personal data is uploaded to CircleHD and used in reports by its users.
This implies that, as a company, we oversee the following matters:
- CircleHD needs to update its users and businesses whenever a third party takes part in processing their personal data.
- CircleHD is responsible for immediately informing the data administrator (the user) in case someone from the user's organization contacts CircleHD to stop the outreach.
- CircleHD permits the ‘right to be forgotten’ and the ‘right to assist in data deletion’ on special request. As a CircleHD user or administrator, you may request that your personal data be changed or deleted. Detailed instructions on how to exercise those rights can be found below in the section "Adequacy, relevance, limitedness".
- CircleHD will address any violation of GDPR reported at firstname.lastname@example.org.
What is GDPR?
The General Data Protection Regulation (GDPR) is being introduced by the European Union to regulate how personal data can be processed. Its goal is to ensure data protection for the people who live in the EU.
Why is there a need for GDPR?
EU data protection rules have not been changed over the last two decades. There are two main reasons why the EU legislative branch decided to upgrade the existing regulations:
- The reach of technology is global in today's era: personal data processing is present everywhere in today's digital world, making the existing regulation outdated.
- According to a survey taken by Eurobarometer in 2011, 75% of people want to exercise their right to be forgotten, and 90% believe that it is necessary to standardize the rights related to personal data protection (source).
Kinds of information under protection?
The scope of GDPR covers natural persons and their rights. It excludes business entities and organizations and the processing of their data.
It protects the processing of the following personal data:
- Phone number
- Company Name
- Job title
It also covers indirect identifiers, including physiological, mental, physical, genetic, economic, cultural and social identity. Hence, it protects any information by which an individual can be identified.
What does ‘processing’ mean?
‘Processing’ relates to personal data “collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,” as in Article 4 (2) of the regulation.
Lawful basis for data processing
Processing personal data, in compliance with GDPR, requires one to follow the principles below:
Lawfulness, Fairness, Transparency, Adequacy, Relevance, Limitedness, Accuracy, Storage Limitation, Integrity, Confidentiality.
Here is how CircleHD falls in line with these principles and what you should know to use CircleHD in accordance with GDPR.
Lawfulness, fairness, and transparency
As data administrators, users must ensure that their actions have a clear and legitimate purpose. A valid reason is required to process the personal data of EU citizens. One should also be able to explain the entire process of collecting the required data.
Adequacy, relevance, limitedness
CircleHD only processes the data necessary for the purpose of the objective and does not collect any sensitive data such as gender, ethnic background, race, political views, etc.
A given user's data is processed for as long as the user has a CircleHD account, or until they submit a request to exercise their right to erasure, which initiates a process to remove their data from our user base.
CircleHD processes its users' data from the moment they give their consent, and continues until a user requests to be removed.
How can CircleHD users change or remove their personal data?
- Account administrators can delete users from the account.
- Uploaded videos can be managed and deleted from My Contents.
- Terminated accounts are retained for 30 days to assist with service reactivation. After 30 days have passed, the account is permanently deleted.
CircleHD users can edit their account name or change their password by visiting the “My Profile” section in the web app after logging in. To request deletion of their data, a user can contact the support team at email@example.com.
Our support team is available 24x7 in case you need any help. For any queries, email us at firstname.lastname@example.org to get instant help.