- What is the General Data Protection Regulation (“GDPR”)?
The GDPR is the new data protection legislation which becomes applicable in the European Union starting May 25th, 2018, replacing the previously existing European rules and regulations.
The GDPR sets out a unified legal framework for the protection of EU natural persons with regard to the processing of their Personal Data.
- What is Personal Data?
Personal Data (“Personal Data”), as defined in article 4.1 of the GDPR, means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. These identifiers include, but are not limited to, email addresses, physical addresses, IP addresses, etc.
- How will Diligend comply with the GDPR?
Diligend has always taken the protection of its clients’ data very seriously and is actively working on continuously reviewing and adjusting Diligend’s internal processes to ensure compliance with the GDPR.
In this respect, many technical and organizational measures have been implemented in order to protect the Personal Data of its clients.
- Why does Diligend collect and process Personal Data?
Diligend Technology is not meant to collect and process Personal Data.
When the collection and processing of Personal Data does happen, Diligend, as a data processor, collects and processes clients’ Personal Data under clients’ instructions through the Diligend technology subscribed to by clients, which may include software as a service (SaaS), mobile applications and software hosted by Diligend (“Diligend Technology”), as well as while providing maintenance and support services and related professional services to clients, if applicable. Therefore, the collection and processing of clients’ Personal Data by Diligend is done only under the instructions of the clients and for the purposes of making available to them the functionalities and associated services to which they subscribed.
- How will Diligend comply with the data privacy by design requirements?
Diligend has always built its technology with the objective of safeguarding the security and confidentiality of Personal Data of its clients. The Diligend Technology includes a functionality enabling clients to define which Personal Data can be used and to allow them to limit the collection of Personal Data to the specific purpose of the data processing defined by clients. Whenever necessary, Personal Data fields can be configured. The storage of Personal Data can be limited, and clients responding to data subject requests are able to manually access the data, add, rectify, delete or export the data.
- What kind of security measures are implemented by Diligend to protect clients’ Personal Data?
Diligend implements and maintains an information security management system to secure its clients’ Personal Data that is processed by Diligend in the framework of the services subscribed to by clients. Where clients’ Personal Data is hosted by Diligend, Diligend relies on the technical and organizational measures implemented by Amazon Web Services, which offer various features to secure clients’ Personal Data.
Diligend is also ISO 27001 compliant and is aiming to be SOC 2 Type II compliant in 2021.
- Where are Diligend servers located?
The location may vary depending on the clients’ specific requests determined during contract negotiations. For clients located within the European Economic Area (“EEA”), the servers hosting the clients’ Personal Data could be located within the European Union.
- Has Diligend appointed a Data Protection Officer (“DPO”)?
Although the appointment of a DPO is not an obligation for Diligend under the GDPR, Diligend aims at providing clients with a single point of contact to address any data protection issues. Any data subject may contact us at email@example.com to exercise his/her rights.