The European Union’s General Data Protection Regulation, or GDPR, enhances the existing framework for companies that process the personal data of EU-based residents. It comes into effect on May 25, 2018, bringing with it a host of new obligations for those companies, and new privacy rights for their end users. Processing data can mean many things, from collecting data to storing and using it. Organizations large and small that process the personal data of EU-based individuals are now preparing for the new regulation, and piLOBI is no exception.
GDPR Also Applies to Organizations Located Outside the EU
Unlike the Data Protection Directive, the GDPR is relevant to any globally operating company, not just those located in the EU.
Under the GDPR, organizations may be in scope if (i) the organization is established in the EU, or (ii) the organization is not established in the EU but the data processing activities are with regard to EU individuals and relate to the offering of goods and services to them or the monitoring of their behaviour.
Definitions
GDPR - General Data Protection Regulation Act.
Data Processor - Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.
Data Subject - Data Subject is any living individual who is using our service and is the subject of Personal Data.
piLOBI GDPR Commitment
piLOBI attaches the utmost importance to the data privacy of its customers. In compliance with the GDPR, effective from May 25, 2018, piLOBI hereby confirms the data privacy, security and transparency commitment that the company offers to all its customers. We have an up-to-date Data Processing Agreement in place that elucidates our approach towards GDPR. We acknowledge that the GDPR will help us adopt the highest operational standards and will thereby help us protect customer data in the best way possible.
What piLOBI is Doing to Support its Users in Meeting the Requirements of GDPR?
We are happy to support our users in meeting the requirements of GDPR. In addition to updating our Privacy Policy to reflect our new obligations, we have put a process in place to support users seeking to export or access their personal data in a seamless way, and we have trained our staff on how to build and design privacy-conscious products.
Principles for Processing Personal Data
Fairness and Lawfulness
When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
Restricted to a Specific Purpose
The personal data of the Data Subject must be processed only for specific purposes.
Transparency
The Data Subject must be informed of how his/her data is being collected, processed and used.
What Personal Data We Collect and Process
In order to execute the Agreement, and in particular to perform the Services on behalf of Customer, Customer authorizes and requests that piLOBI Process the following Personal Data.
Customer Information
Information that we may collect from your use of the piLOBI websites and your interactions with us offline, such as:
Contact Information
Name, home address, telephone or mobile number, email address, passwords, address, state, province, ZIP/postal code, and city.
Financial Information
Credit card number and billing information (tax ID, the payer’s VAT number, billing address, and the billing email where invoices are sent). The credit card number is handled by Network.ae (our payment gateway), by PayPal, or other types of payment; piLOBI only charges your credit card for payments. piLOBI deals with customer information according to the terms of our general Privacy Policy.
Services Data
Data that resides on piLOBI, customer or third-party systems to which piLOBI has provided access to perform services. Data stored and processed by users, such as source code for the application, databases that the applications use, files generated by applications, and the history of operations performed by users.
Log File Information
Three types of logs are saved by piLOBI’s system. The first type is connection logs, which are essentially logs from each request to each application. These connection logs may include information such as the web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, domain names, landing pages, pages viewed and other such information. The second type is application logs, which are produced by each application of our customers. piLOBI does not have control over the content of these logs. The control of application logs as Personal Data remains with the Customer. The third type is timeline event logs, which are a record of alerts and notifications that can help piLOBI to identify and diagnose the source of current system problems and help predict future problems. piLOBI processes Customer information according to the terms of its Privacy Policy and treats services data as confidential in accordance with the terms of your order for services.
How We Use the Personal Data
piLOBI uses the collected personal data for various purposes:
- To provide you with services
- To notify you about changes to our services and/or products
- To provide customer support
- To gather analysis or valuable information so that we can improve our services
- To detect, prevent and address technical issues
Legal Basis for Collecting and Processing Personal Data
piLOBI’s legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information:
- piLOBI needs to perform a contract with you.
- You have given piLOBI permission to do so.
- Processing your personal data is in piLOBI’s legitimate interests.
- piLOBI needs to comply with the law.
Retention of Personal Data
piLOBI will retain your personal information only for as long as is necessary for the purposes set out in this Data Protection Policy. piLOBI will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Data Protection Rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, you have the following data protection rights:
- The right to access, update or to delete the information we have on you
- The right of rectification
- The right to object
- The right of restriction
- The right to data portability
- The right to withdraw consent
Non-Compliance
The most referenced consequence of non-compliance with the GDPR is the maximum fine that can be levied against a non-compliant organization. The maximum fine that may be levied is 4% of global revenue or 20 million EUR, whichever is higher. Certain other types of infringements carry a maximum fine of 2% of global revenue, or 10 million EUR, whichever is higher. Less frequently referenced are the data protection authorities’ (“DPAs’”) powers under Art. 58 of the GDPR. These powers include the ability for the DPAs to impose corrective actions, such as a temporary or definitive limitation on data processing activities, including a complete ban on data processing, or to order the suspension of data flows to a recipient in a third country.
Our GDPR Readiness Checklist
- DPA updated
- Terms of service updated
- Privacy Policy updated
- Data Protection Officer appointed
- GDPR training given to all employees that handle customer data
For complete information, please refer to our DPA, terms of service & privacy policy documents. If you have any specific questions, please feel free to write to our Data Protection Officer at sales@pilobi.com. Our GDPR team will be more than happy to answer your queries.