Our GDPR Commitment
The General Data Protection Regulation (GDPR) is an EU data privacy regulation that went into effect on May 25, 2018. The regulation gives EU citizens more control over their data and unifies previous privacy and security laws under one comprehensive law.
At DataSine, there are core GDPR principles that we always operate in accordance to and have taken actions to ensure we are GDPR compliant. These principles and actions are outlined below.
Our GDPR principles
- We will process all personal data fairly and lawfully.
- We will only process personal data for specified and lawful purposes.
- We will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.
- We will not keep personal data for longer than is necessary.
- We will keep all personal data secure.
- We will endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection.
Our GDPR actions
- We have reviewed and updated all our internal processes, procedures, data systems and documentation to be compliant with GDPR. We continue to perform these reviews and updates on an ongoing basis.
- We have conducted a full data audit and documented the data we collect, why we collect it, how it is stored and protected, how long it is stored, and who is responsible for removal requests.
- We do not store any personally identifiable data on the customers of our users. Instead, each customer is given a unique anonymous identifier.
- We require that all DataSine employees sign a confidentiality agreement and complete mandatory confidentiality and privacy training.
- We have appointed a Data Privacy Officer, contactable via firstname.lastname@example.org.
- We have enhanced our security by running our platform in an Amazon Virtual Private Cloud environment, meaning our network traffic is isolated from anyone else using Amazon Web Services.
- We require that all users confirm they are GDPR compliant during the sign-up process. Failure to do so will result in the user being denied access to the platform. We also require that users either have the necessary consent from their customers or have assessed the legitimate interest of using the platform at all times.