The General Data Protection Regulation
The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organizations and businesses in how they collect, use and protect personal data. At the center of the new law is the requirement for organizations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.
GDPR is also technology neutral, meaning it protects personal data regardless of the technology used or how the personal data is stored. Regardless of whether your business processes and stores personal data using a complex IT system or via paper-based files, you will be governed by the GDPR.
The GDPR places direct data processing obligations on companies at an EU-wide level. According to the GDPR, a company can only process personal data under certain conditions. For instance, the processing should be fair and transparent, for a specified and legitimate purpose and limited to the data necessary to fulfill this purpose.
It must also be based on one of the following legal grounds:
- The consent of the individual concerned.
- A contractual obligation between you and the individual.
- To satisfy a legal obligation.
- To protect the vital interests of the individual.
- To carry out a task that is in the public interest.
- For your company’s legitimate interests, but only after having checked that the fundamental rights and freedoms of the individual whose data you are processing are not seriously impacted.
- If the person’s rights override your interests, then you cannot process the data
The General Data Protection Regulation (“GDPR”) is the new legal framework effective from May 25, 2018, in the European Union (“EU”), and will be directly applicable in all EU Member States from that date.
If a company based in the United States, or another non-EU country, collects or processes personal data of any employee, prospect, customer, partner, or supplier that is based in the EU, that company will need to be compliant with the GDPR.
Do We transfer your information Outside The European Union or European Economic Area?
Yes. We may share your personal data with our entity in the United States and with other third-party service providers which are either located in other countries or store information in other countries.
In those circumstances, the data that we collect from you may be transferred to, and stored at the United States, India and the Philippines, each of which are outside of European Economic Area (“EEA”) and for which there are no adequacy decisions from the European Commission relating to the safeguards for personal data.
A number of our third-party service providers
You may obtain a copy of those safeguards by contacting our Privacy Officer.
Vistatec has procedures in place to manage the GDPR including a Privacy Officer.
If you have any questions or comments about privacy issues please write to:
Vistatec Privacy Officer, Vistatec House 700 South Circular Road, Kilmainham, Dublin 8, Ireland or email [email protected]
Vistatec Holdings Limited, registered in Ireland with company number 397629 and whose registered address is at Vistatec House 700 South Circular Road, Kilmainham, Dublin 8, Ireland.