The GDPR regulation aims to make personal data processing more transparent and to give people more control over their data. Even though the GDPR only applies to EU citizens, we have decided to go beyond and adopt the same good policies for all of our users, regardless of their citizenship or location. The new rules became effective on 25th of May 2018. The following two documents apply these rules to our service:
In compliance with the GDPR, our new Privacy Policy explains in detail what information we receive from you and why. It also outlines how we share your personal information and with whom we share it with.
The first thing you need to know is that we collect the minimum data needed to provide our communications and news function. When you communicate with us, you provide your contact information. We need this to process your event invitations and newsletter subscriptions, and to keep you updated about Hindu issues, as well as to send you send critical information related to the services you use. You can edit this data, download it and request profile deletion through your customer area.
If you’ve given us your express consent, we also use your email address to share updates, queries and status reports. This consent can be withdrawn or modified at any time by notifying us.
These are some of the most important points in the Privacy Policy, but to see everything in details we strongly encourage you to read through the whole document. We also have a designated Data Protection officer, who can address your questions related to your personal data and how we process it.
We also have responsibilities as a data processor. This means that when our contacts use our services and we store any personal data on servers, we are required by the GDPR to meet some criteria for handling this data too. These obligations are described in details in the new Data Processing Agreement, and you can see below some of the major points explained.
One of our main responsibilities as an entity processing information, uploaded on our servers concerning our contacts, is to provide adequate security measures. The DPA has them listed in the form of an official document (Annex 2 of DPA).
The DPA puts in writing our obligation to access any data that our customers store on our servers only to the extent needed to provide our services and to make sure only employees that are directly involved with the provision of the service have access to it.
Sometimes our partnering companies such as hosting companies etc need access to the data uploaded on our servers so that we can provide our service. Our supplier partners are an example of such a partnering company. We provide access only to partners that have same or higher level of data protection as the one we guarantee you through our DPA.
Our DPA responsibilities include timely disclosure by us, if a personal data breach is detected by us to have happened on the servers used by our clients. We are obliged to notify our affected customers within 72 hours.
Also if we receive a request by an individual, regarding any data hosted on our servers, to exercise one of the personal data rights outlined in the GDPR, we’ll direct them to our DPA.