GDPR Frequently Asked Questions
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.
Data Protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
We have taken steps to ensure that we will be compliant with the GDPR by May 25, 2018.
Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
What is SURE24’s role under GDPR?
We act as a Data Processor under the GDPR.
SURE24 as a Data Processor: When customers use our products and services, we act as a data processor. For example, we will be a processor of personal data and information that gets entered onto our website. This means that, in addition to complying with our customers' instructions, we will need to comply with the new legal obligations that apply directly to processors under the GDPR.
What have we done to comply with GDPR?
We have conducted an extensive analysis of our operations to ensure we comply with the new requirements of the GDPR. With the help of external advisors, we have reviewed our products and services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR. We can confirm we will be fully compliant with the GDPR by May 25, 2018.
What Personal Data do we collect and store from our customers?
We store data that customers have given us voluntarily. For example, in our role as data processor we may collect and store contact information, such as name, email address, phone number or physical address, when customers sign up for our products and services or seek support. We may collect other identifying information from our customers, such as IP address and PayPal ID.
What is the SURE24 Data Processing Agreement ("DPA")?
Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services. We have therefore made our DPA available to all our customers and it can be found here: Data Processing Agreement.
Are customers required to sign the SURE24 DPA?
In order to use our products and services, you need to accept our DPA, which we have provided a link to on our website: Data Processing Agreement. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.
Can a customer share SURE24’s DPA with its customers?
Yes. The DPA is a publicly available document and customers who wish to share it with their customers to confirm our security measures and other terms may feel free to do so.
Do customers need to notify anyone upon accepting our DPA?
No. You are not required to notify us or any third party upon accepting our DPA, though, as mentioned above, you are free to do so.
Are there unique DPA needs for individual countries?
The GDPR applies to all of the EU and we offer a DPA that is compliant in all EU countries.
Do we transfer data internationally?
No. The GDPR replicates the Data Protection Directive restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria.
How do we handle delete instructions from customers?
Customers have the ability to remove or delete information they have uploaded to our website. Likewise, customers may deactivate their account and request that all personal data we have collected and stored is deleted.
Email firstname.lastname@example.org or call +44 (0)1949 836 990 and ask for the Data Processing Team.