GDPR compliance policy
Our Commitment to You and the Protection of Your Data
We're committed to helping our customers understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most significant piece of European data protection legislation to be introduced in 20 years and it replaces the 1995 EU Data Protection Directive.
The GDPR will be applicable to every organisation which deals with personally identifiable data of EU citizens, regardless of where the organisations themselves are located. On this page, we'll explain the methods and ways we handle personal data to achieve GDPR compliance, both for ourselves and for our customers.
- Personal Data refers to information about a living individual from which they can be identified (a) from that data, or (b) from that data and any other information which is in, or could in the future come into, the possession of the data controller. This includes names, identification numbers, location data, and online identifiers.
- Processing refers to any operation which is performed upon or applied to personal data, whether undertaken manually or by automated means, including its acquisition, organisation, storage, retrieval, consultation, amendment, availability, disclosure, erasure or destruction - it is difficult to think of anything an organisation might do with data that will not be processing.
- Data Subject refers to an individual who is the subject of personal data.
- Data Controller refers to the person, organisation, public authority, agency or another body who, either alone or with others, determines the purposes for which and the manner in which any personal data is to be processed, and defines the controls required for such Processing.
- Data Processor refers to any person or organisation (other than an employee of the Data Controller) who undertakes the Processing of personal data on behalf of the Data Controller.
- Data Subject Consent refers to the Data Subject’s approval or agreement for an activity to take place, having given consideration to the benefits and risks of the activity. For consent to be valid, the data subject needs to be informed, have the capacity and knowledge to make a decision, and to have given their consent voluntarily. Specific requirements need to be met in connection with the consent which is given by Children, including validating parental consent and the age of the Child.
A Quick Summary
Here is a quick summary of other important GDPR rules:
- Stringent consent requirements:
Under GDPR, organisations will need to collect unambiguous, freely given, specific and informed consent for personal data to be used and stored. This means pre-ticked boxes, inactivity or consent-by-default will not be a valid way to obtain it. Also, consent should be as easy to withdraw as to give.
- Enhanced individual rights:
Individuals will have enhanced rights to access, update or delete their data at any time. This means organisations will have to make this information freely available. Also, in a few cases, individuals will have the right to a copy of their data in a structured format which they can transfer to others.
- Data breach reporting:
In the event of a data breach, organisations must notify the concerned authorities (i.e. Information and Data Protection Commissioner) within 72 hours. If the data breach is likely to cause a higher risk to the freedom and rights of individuals, then they will have to be notified as well.
- Significant penalties:
If organisations fail to comply with GDPR, they will face significant sanctions of up to €20 million or 4% of turnover, whichever is greater.
OUR POLICY STATEMENT
This GDPR Compliance Data Protection Policy shall:
- Apply to all SMSwarriors activities which relate to the Processing of Personal Data, either as Data Controller or as Data Processor acting under the lawful instructions of a third party.
- Apply to all ways in which Personal Data is acquired, received, processed, stored, amended, disclosed and erased by SMSwarriors. This shall include Company data, as well as personal data owned by an external organisation and entrusted to the Company under a contract which specifically communicates data protection requirements.
- Ensure that the rights of Data Subjects under GDPR are upheld by SMSwarriors.
- Be communicated to all employees, contractors, third-party users, external Data Processors, and any other organisation or individual with a bona fide need to access Personal Data held by or entrusted to SMSwarriors.
To fully comply with EU GDPR, SMSwarriors has:
- Thoroughly researched and prepared a list of all types of personal information it holds, the source of that information, who it shares with, what it does with it and how long the data is kept.
- Prepared a list of places where it keeps personal information and the ways data flows between them.
Accountability & Management
To fully comply with EU GDPR, SMSwarriors has:
- Appointed a Data Protection Officer (DPO)
- Created awareness among decision makers about GDPR guidelines.
- Made sure that the technical security is up to date.
- Trained staff to be aware of data protection.
- Established procedures to report data breaches involving personal data to the local authority and to the people (data subjects) involved.
- Put a contract in place with the data processors that it shares data with.
- Prepared and made sure that there is a Data Processing Agreement (DPA) available to existing customers.
As a part of our GDPR Compliance journey and data subject rights, our customers can easily:
- Request access to their personal information.
- Update their own personal information to keep it accurate.
- Request deletion of their personal data.
- Request that processing of their data be stopped.
- Request that their data be delivered to themselves or a third party.
- Object to profiling or automated decision making that could impact them.
As a part of our GDPR Compliance journey and consent rules, SMSwarriors warrants that:
- Data subject's consent is obtained when it starts processing a person's information.
- It is as easy for customers to withdraw consent as it was to give it in the first place.
- It processes children's personal data, verifies their age and asks for consent from their legal guardian.
- It informs existing customers when it updates the privacy policy.