GDPR

Frequently Asked Questions

What is the General Data Protection Regulation (“GDPR”)?

The GDPR is the data protection legislation which became applicable in the European Union that started on May 25th, 2018, replacing the previously existing European rules and regulations.

The GDPR sets out a unified legal framework for the protection of EU natural persons with regard to the processing of their Personal Data.

What is Personal Data?

Personal Data (“Personal Data”), as defined in article 4.1 of the GDPR means any information relating to an identified or identifiable natural person.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. These identifiers include but are not limited to, email addresses, physical addresses, IP addresses etc.

How does Diligend comply with the GDPR?

Diligend has always taken the protection of its clients data very seriously and continuously reviews and adjusts Diligend’s internal processes to ensure compliance with the GDPR.

In this respect, many technical and organizational measures have been implemented in order to protect the Personal Data of its clients.

Why does Diligend collect and process Personal Data?

Diligend Technology is not meant to collect and process Personal Data.

When the collection and processing of Personal Data does happen, Diligend, as a data processor, collects and processes, under clients’ instructions, clients’ Personal Data through the Diligend technology subscribed to by cclients, which may include software as a service (SaaS), mobile applications and software hosted by Diligend (“Diligend Technology”), as well as while providing to clients, maintenance and support services and related professional services, if applicable. Therefore the processing and collection of clients’ Personal Data by Diligend is only done under the instructions of the clients and for the purposes of making the functionalities and associated services to which the clients subscribed, available to them.

How does Diligend comply with the data privacy by design requirements?

Diligend has always built its technology with the objective of safeguarding the security and confidentiality of Personal Data of its clients. Diligend Technology includes a functionality enabling clients to define which Personal Data can be used and allow them to limit the collection of Personal Data to the specific purpose of data processing defined by clients. Whenever necessary, Personal Data fields can be configured. The storage of Personal Data can be limited, and clients responding to data subject requests are able to manually access the data, add, rectify, delete or export the data.

What kind of security measures are implemented by Diligend to protect clients’ Personal Data?

Diligend implements and maintains an information security management system to secure its clients’ Personal Data that is processed by Diligend in the framework of the services subscribed by clients.

Where clients’ Personal Data is hosted by Diligend, Diligend relies on the technical and organizational measures implemented by AWS, which offer various features to secure clients’ Personal Data.

Diligend is also ISO27001 compliant and SOC 2 Type I, II and III compliant.

Where are Diligend’s servers located?

The location may vary depending on the clients’ specific requests, determined during contract negotiations. For clients located within the European Economic Area (“EEA”), the servers hosting the clients’ Personal Data could be located within the European Union.

Has Diligend appointed a Data Protection Officer (“DPO”)?

Although the appointment of a DPO is not an obligation for Diligend under the GDPR, Diligend provides a single point of contact to address any data protection issues. Any data subject may contact us at privacy@diligend.com to exercise their rights.

 

One tool for all your metrics