Keynotes for the GDPR
What is GDPR?
The General Data Protection Regulation was drawn up in 2016 but compliance has been enforced on 25th May 2018. (General Data Protection Regulation).
It strengthens the data rights of EU residents and harmonises data protection law across all member states, making it identical.
It also addresses the export of personal data outside the EU and EEA. The regulation contains provisions and requirements pertaining to the processing of personally identifiable information.
According to the European Commission, “personal data” is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information or a computer’s IP address.
Consent must be explicit for data collected and the purposes data is used for. (General Data Protection Regulation) Citizens have the right to access their personal data and information about how this personal data is being processed. When data is collected, users must be clearly informed about the extent of data collection, the legal basis for processing of personal data, how long data is retained, if data is being transferred to a third-party and/or outside the EU, and disclosure of any automated decision-making that is made on a solely-algorithmic basis. The data subject has the right to request erasure of personal data related to them on any one of a number of grounds.
In the private sector, processing is carried out by a controller whose core activities consist of processing operations that require regular and systematic monitoring of the data subjects. Users must be provided with contact details for the data controller and their designated Data Protection Officer.
To be able to demonstrate compliance with the GDPR, the data controller must implement measures which meet the principles of data protection by design and by default. Data protection by design and by default require data protection measures to be designed into the development of business processes for products and services. It is the responsibility and the liability of the data controller to implement effective measures and be able to demonstrate the compliance of processing activities even if the processing is carried out by a data processor on behalf of the controller.
Profiling and data controller
Under new GDPR legislation the data controller must ensure that no sensitive personal data are used for profiling, unless prior consent was obtained and suitable privacy safeguards are used. Profiling is defined in the GDPR as «any form of automated processing of personal data consisting of the use of personal data to evaluate certan personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements».
When data is collected, the data controller must inform the subject that profiling will occur and explain “the logic involved” and “the envisaged consequences of such processing”. The data subject has the right to ask for information of any such processing, including profiling and its consequences, at any time.
APF Nexus Information collection and use
- For a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, and postal address. The information that we collect will be used to contact or identify you.
- The data will be stored and available during the time of use of our Services. We reserve the right to maintain and disclose this data in the event of a lawsuit.
Log data and data processing
We collect and monitor information that you provide us when searching our site for product information or when requesting promotional codes or filling out our contact form. We collect information from users who have consented to this privacy statement in accordance to law art. GDPR UE: 30 1-2 UE 2016/679.
Use of collected information
We retain data for an unlimited period of time but of course it is your right to demand the cancellation of any of it. We reserve the right to delete specific information in case of failure of use of our Services on your behalf. In this case information will be automatically deleted after 10 years.
Consensus of information
Consent will always be sought when using your information for purposes other than those described in the policy. It is your right not to provide it but if you do not consent to any of the terms described in the policy, APF Nexus will not be able to supply you with its products.
Sharing of your information
- Log data and personal data: We will not rent or sell your information into third parties outside wikiHow and its group companies (including any parent, subsidiaries and affiliates) without your consent.APF Nexus Software will not rent or sell your information to third parties. Log file information is automatically reported by your browser or mobile device each time you access the Service. When you use our Service, our servers automatically record certain log file information. The management of this information and its security is the responsibility of the hosting company and any further information regarding the service should be consulted directly on their terms and conditions page.
- In the event of change of management: We may buy or sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Your information such as customer names and email addresses, User Content and other user information related to APF Nexus Software may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company. You will be notified in case of these changes.
Keeping the information safe
AAPF Nexus cares about the security of your information, and uses commercially reasonable safeguards to preserve the integrity and security of all information collected through the Service. To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. This access is encrypted by SSL (secure socket layer). However, we cannot ensure or warrant the security of any information you transmit to APF Nexus or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed.
Your Choices about your information
Current APF Nexus Software clients may update account information preferences at any time by emailing: firstname.lastname@example.org.
We reserve the right to maintain and disclose any data in the event of a lawsuit.
Links to other websites and service