As you probably know there is new EU legislation, called the General Data Protection Regulation, coming into place on May 25th 2018.
This new regulation has been designed to give people more control of their personal information. As such, we want to let you know exactly what information we store about you, what we do with it and crucially, how you can get access to it.
The EU General Data Protection Regulation (GDPR) replaces the existing privacy regulations and was designed to align data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.
The UK’s independent regulatory body for data protection and privacy, the Information Commissioner’s Office (ICO), outlines the main responsibilities for organisations, including RAMP, under GDPR – requiring that personal data must be:
“a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Based on our self-assessment and that of external counsel, we are fully compliant as of the 25th May 2018.
Includes documenting our processing procedures and understanding what processes we need to implement at a company level to comply with GDPR – e.g. privacy by design, additional data handling training.
Documented exactly what information we capture, assess what is essential for us deliver our service to users, audit our vendors and understand what product updates were required to meet GDPR.
They now include updated rules, inline with GDPR, which you must agree to follow in order to use RAMP.
They now include information, which outlines what exactly we do with your data and why we do it. Read them here.
Includes minimising the amount of personal information we store, process and share with vendors to provide you with the service. We’ve also updated your account handling capabilities in order for you to exercise your subject access rights.
That’s what this document and the emails we’ve sent you are all about.
If you’re in need of more information, we recommend to ICO’s guide on GDPR, which is a great resource designed to help you understand GDPR better – note clicking on them will take you to an external website:
We collect the following information about you:
We will inform you at the point of collecting information from you, whether you are required to provide the information to Us and why we are collecting this information.
We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Drift, has been selected based on the fact that they are self-certified under the EU-US Privacy Shield – one approach under which personal data of EU citizens is allowed to be transferred to the US as it guarantees the required standards for safe transfer and storage are met.
We encrypt all your data and our website and storage processes are all architected for security.
Yes, we can provide you with all your data and delete everything if you request it. This also includes any data held by our 3rd party providers.
All team members are responsible for data protection here. You can reach us at firstname.lastname@example.org.
You can read it here.
Book a demo with our team to learn more about RAMP