GDPR

Sayint has operations in European Union since long, and thus we are committed to compliance, security, privacy and transparency. This approach ensures the customers that we at Sayint are improving our procedures to collect, process and encrypt sensitive personal data in accordance with the requirements, set out in the General Data Protection Regulation (“GDPR”), which was enforced on 25th May 2018. Sayint Inc is here to help customers and end-users understand significance of the GDPR, its requirements and our adherence to comply by global standards.

Introduction to GDPR

The General Data Protection Regulation 2016/679 (GDPR) replaces the existing data protection regimes in place throughout the European Union (EU), including the UK. It introduces a number of new obligations and requirements on controllers and processors. Compliance with the new regulations will be of even greater importance following the enforcement date of 25th May 2018, because the GDPR has substantially increased the fines that can be imposed by the relevant regulatory bodies in the event of a breach – now up to a maximum of € 20 million or 4% of annual global turnover, whichever is higher.

GDPR Application

Personal Data of EU citizen in one or the other way could be collected when using Sayint while we create databases of contacts, their information, and business dealings with them. “Data Subjects” are classified as an individual hence, not all customers will be data subjects. Businesses or government organizations are also our customers to which GDPR does not apply to.

Sayint Compliance to GDPR

We are actively engaged in developing policy and procedures to comply with the principles of data protection enumerated in EU GDPR. Our best effort is to protect personal data in accordance with the principles mentioned below and comply with the Data Protection Standards.

  • Lawful, fair and transparent

    There is transparent, lawful and fair process for Personal data collection and its use at Sayint

  • Data Minimization

    Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

  • Limited for its purpose

    We collect data for specified, explicit and legitimate purposes and not further processed in manner that is incompatible with those purposes.

  • Retention

    Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

  • Accurate

    Any data we hold is accurate and kept up to date.

  • Secure

    Personal data is securely processed, thus providing protection against unauthorized or unlawful processing, accidental loss, destruction or damage by using appropriate technical and organizational measures.

GDPR Obligations and Compliance

Sayint is committed to security, privacy and transparency of customer’s data and compliance to data protection requirements with respect to General Data Protection Regulation(“GDPR”). We assure our customers’ that Sayint has updated the features and functionality of their product and services to comply with the GDPR obligations. Here are some features that can support GDPR Compliance.

GDPR ObligationsCompliance by Sayint
Accountability and TransparencySayint’s Privacy Policy and Supporting Policies ensures transparent communications with the data subjects specifying notice to inform its customers.
Sayint also offers Data Processing Agreement for cross-border transfers of personal data from the EU.
Rights to Access and RectifySayint offers their client to access their profiles to amend inaccuracies or rectify any errors.
Right to be ForgottenSayints’ customers can delete or erase their profile if the processing is not justified. Customers must make a request through email to Sayint to process for deletion.
Right to Restrict ProcessingThe processing of personal data of the customers is limited for specified purpose related to the Sayint products and Services by documenting and implementing internal mechanisms.
Right to Data PortabilityProvide data subjects with the right to transfer their personal data between data controllers.
Right to Object ProcessingSayint has documented and implemented internal mechanisms to stop processing upon specific data subject requests, for direct marketing purpose upon request, for any other statistical or scientific purposes.

Exceptions

Sayint doesn’t process any data subject requests until and unless for the following reasons:

Frequently Asked Questions

  • What is Personal Data ?

    Any data relating to an identified or identifiable natural person (‘Data Subject’) such as name, address, email address, phone number, educational background, financial details, educational details, nationality etc.

  • Who are Data Controllers, Data Processor, and Data Subjects ?

    • Data Controller: Controls purpose and means of processing. Direct responsibility to data subject and data protection authority.

    • Data Processor: Acts on instructions of Data Controller. Direct responsibility to data subject and data protection authority.

    • Data Subject: Persons in the EU

  • Who is Data Protection Officer (DPO)? Do you have any dedicated DPO ?

    The DPO is responsible for informing employees of their compliance obligations as well as conducting awareness trainings, monitoring, and audits required under GDPR. Yes, we have dedicated DPO. Any queries related to GDPR can be answered at contact@sayint.ai.

  • Do you have processes in place for data breach ?

    Yes, we have data breach procedures in place that enables us to react immediately and thus notifying the affected parties within 72 hours of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.

  • What are the advantages of using cloud or Software-as-a-Service (SaaS) for GDPR compliance ?

    Foremost advantage of using cloud services or SaaS is that the provider is already operating on a secure model for data management. This provides a safe environment to manage and process our data, and also accommodate efforts required to keep pace with changing policies.

  • For how long do you store customer data ?

    We store customers’ data for the time of using our services or until they request to delete their data.

  • How do you handle Data subject’s rights?

    Data Subjects have a right to have Access and Delete their personal data. We at Sayint immediately take action on request for Access or Deletion of their data by verifying the identity of anyone making a subject access request.

  • Where is your customer data physically stored ?

    Data of our customers are stored in datacenters hosted by Microsoft Azure and Amazon AWS

  • Does GDPR require EU data to stay in the EU ?

    No, it doesn’t place any restrictions on transfer of personal data outside the EU and thus it is not required EU personal data to stay in EU. Data transfers to and fro from EU can be legitimized in various ways which includes EU-US Privacy Shield, Model or Contractual clauses etc.

  • How Privacy and “Privacy by Design” are handled by Sayint ?

    Our Privacy Policy describes how we handle and protect customer information. We have internal Compliance team who monitors GDPR and other compliance initiatives to stay updated with regulatory requirements.
    We have procedures in place for Privacy Impact Assessments which enables us to design a Business process handling personal data and its protection. The GDPR is making privacy by design a major provision and, as a consequence, the inclusion of data protection as a key design element becomes an integral objective of any system design, at the very onset.

Contact Us

If you want more advice and help, get in touch with us at contact@sayint.ai today.

Additional Resources