This GDPR Compliance was last updated on June 1, 2018
Uploaded on June 1, 2018
Following the interests of the EU residents, SignOnTheGo® guarantees full compliance with the General Data Protection Regulation (GDPR). This regulation applies strict conditions on the way an organization collects, shares and manages user data. GDPR also extends the rights of customers, giving them greater control over their personal data.
On May 25, 2018, the General Data Protection Regulation (GDPR) comes into effect within the European Union. This data privacy law regulates how businesses collect, process and use personal data and gives individuals greater control over their personal data. SignOnTheGo® considers the privacy of its users’ data a top priority. Learn what our team has done to fully comply with GDPR laws.
- The Company processes personal data for purposes related to the negotiations and performance of IT Services, e.g. for the purposes necessary to perform the IT Services (legal basis – Art. 6.1b of the GDPR) – this concerns customers who are natural persons and are parties to the contract with the Company.
- Personal data is also processed in order to comply with obligations resulting from legal provisions, e.g. tax regulations and other provisions that apply to the Company (legal basis – Art. 6.1c of the GDPR).
- The Company may process your personal data for administrative purposes, conducting internal policies, financial planning, debt collection, processing inquiries and complaints, pursuing claims and defending against claims, verification of compliance with internal procedures, and marketing of the Company’s products and services, i.e. for purposes of the legitimate interest of the Company (legal basis – Art. 6.1f of the GDPR).
- In other cases, the Company may process personal data based on a voluntary consent to the processing of data and for the purposes indicated in such consent. In that case, the legal basis for processing is the customer’s consent (legal basis – Art. 6.1a of the GDPR). If you don’t provide personal data to the Company, you may be restricted from entry into the contract or performance of the contract, including remittance of payment, which means that collection of data is necessary for this purpose, results from the provisions of law and is a condition of concluding a contract. The provision of personal data in order to fulfill the legitimate interest of the Company is voluntary but necessary for the achievement of the above objectives. In the case of consent, providing personal data by the customer is voluntary, and not giving such consent has no negative consequences.
Customer documents and information therein are encrypted and accessible only by the customer. We also encrypt critical system databases. All of SignOnTheGo’s systems limit any personal information therein and ensure sensitive data is encrypted.
SignOnTheGo, LLC. allows users to request deletion of personal data and provides means to notify customers of requests from their users.
We’ve modified our vendor agreement to ensure that our vendors are in compliance with GDPR requirements.
SignOnTheGo staff is obligated to maintain the confidentiality and security of customer data. We’ve updated our training policies to reinforce our security and privacy policies.
SignOnTheGo complies with major security standards and regulations such as PCI DSS, SOC 2 and the U.S. ESIGN Act of 2000. These standards help us manage customer data, preserving security and confidentiality as required under GDPR.
The Company retains the personal data for the period required by the law. The Company may retain the data which may be used for proving the existence of the IT Services and the performance of such IT Services for the period of the IT Services and until all the rights or obligations under the contract are terminated, or may retain data until the expiration of the claim limitation period, whichever is longer – in accordance with the data retention policies applied by the Company.
The Company will delete the personal data without delay when the purpose of personal data processing is achieved or the retention period has expired, unless the personal data is necessary or mandatory under the laws or the contract with the third party. For personal data in paper form, the Company uses a paper shredder to dispose of such data or incinerates the paper, and for personal data in electronic files, the Company deletes the data using means which preclude any restoration of such data.
SignOnTheGo, LLC, the Company, for administrative and work efficiency purposes, collaborates with SmarTech-IT SP. Z.O.O., its affiliate entity, to manage your personal data. The Company and its affiliate, SmarTech, have entered into the EU standard data protection clauses as required by the GDPR. SmarTech-IT will access your personal information such as name, email and phone number in the Company’s systems in order to manage and maintain the appropriate services.
Personal data shall be processed to the extent of “Purpose and legal grounds of processing personal data” and, without prior notice, shall not be processed beyond such scope and purpose. The personal data is transferred through secured cable or VPN, and the Company has adopted technical and organizational measures necessary to ensure transferred personal data is not lost, stolen, disclosed, altered or destroyed.
- The Company has the obligation and responsibility to ensure the rights of the data subject with regard to personal data retained by the Company in any form, such as electronic files or paper.
- The laws may grant the customer (or its representatives) specific rights in connection with the processing of personal data by the Company. In situations specified in the regulations, the customer has the right to access their data, rectify it, delete it, and restrict the processing of personal data, the right to object to the processing of personal data and the right to data portability.
- The data subject may exercise its rights by contacting the personal data protection department/team using the information specified below, and upon receiving your fax, phone call or email, the Company will promptly respond. The Company may require the data subject to provide a copy of identification by which the Company can verify the identity of the data subject.
- The Company may request the Power of Attorney and the copy of identification by which the Company can verify the existence of legitimate delegation to the representative of the data subject if the data subject exercises its rights through its representative.
- If the personal data are processed under the data subject’s consent, the data subject may withdraw its consent at any time without prejudice to the lawfulness of personal data processing before the data subject’s withdrawal of consent.
The Company does not adopt any automated decision making, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject. The Company will give prior notice to you about the logic, necessity and expected results of the automated decision-making system if the Company expects to adopt any automated decision-making system.
If you are not satisfied with the Company’s response to your complaint regarding your rights on personal data and you need further assistance, you may file a complaint with the Supervisory Authority (e.g., the President of Data Protection Authority). The Supervisory Authority is a separate organization not affiliated with the Company.
For more information about your rights to your personal data, please contact us: firstname.lastname@example.org