The General Data Protection Regulation was drawn up in 2016, but compliance has been enforced since 25th May 2018 (General Data Protection Regulation).
It strengthens the data rights of EU residents and harmonises data protection law across all member states, making it identical.
It also addresses the export of personal data outside the EU and EEA. The regulation contains provisions and requirements pertaining to the processing of personally identifiable information.
According to the European Commission, “personal data” is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information or a computer’s IP address.
Consent must be explicit for data collected and the purposes data is used for. (General Data Protection Regulation) Citizens have the right to access their personal data and information about how this personal data is being processed. When data is collected, users must be clearly informed about the extent of data collection, the legal basis for processing of personal data, how long data is retained, if data is being transferred to a third-party and/or outside the EU, and disclosure of any automated decision-making that is made on a solely-algorithmic basis. The data subject has the right to request erasure of personal data related to them on any one of a number of grounds.
In the private sector, processing is carried out by a controller whose core activities consist of processing operations that require regular and systematic monitoring of the data subjects. Users must be provided with contact details for the data controller and their designated Data Protection Officer.
To be able to demonstrate compliance with the GDPR, the data controller must implement measures which meet the principles of data protection by design and by default. Data protection by design and by default require data protection measures to be designed into the development of business processes for products and services. It is the responsibility and the liability of the data controller to implement effective measures and be able to demonstrate the compliance of processing activities even if the processing is carried out by a data processor on behalf of the controller.
Under the new GDPR legislation, the data controller must ensure that no sensitive personal data are used for profiling, unless prior consent was obtained and suitable privacy safeguards are used. Profiling is defined in the GDPR as «any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements».
When data is collected, the data controller must inform the subject that profiling will occur and explain “the logic involved” and “the envisaged consequences of such processing”. The data subject has the right to ask for information about any such processing, including profiling and its consequences, at any time.
We collect and monitor information that you provide us when searching our site for product information, when requesting promotional codes, or when filling out our contact form. We collect information from users who have consented to this privacy statement in accordance with law art. GDPR UE: 30 1-2 UE 2016/679.
We retain data for an unlimited period of time but of course it is your right to demand the cancellation of any of it. We reserve the right to delete specific information in case of failure of use of our Services on your behalf. In this case information will be automatically deleted after 10 years.
Consent will always be sought when using your information for purposes other than those described in the policy. It is your right not to provide it but if you do not consent to any of the terms described in the policy, APF Nexus will not be able to supply you with its products.
APF Nexus cares about the security of your information, and uses commercially reasonable safeguards to preserve the integrity and security of all information collected through the Service. To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. This access is encrypted by SSL (Secure Sockets Layer). However, we cannot ensure or warrant the security of any information you transmit to APF Nexus or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed.
Current APF Nexus Software clients may update account information preferences at any time by emailing: firstname.lastname@example.org.
We reserve the right to maintain and disclose any data in the event of a lawsuit.