Sayint has operations in European Union since long, and thus we are committed to compliance, security, privacy and transparency. This approach ensures the customers that we at Sayint are improving our procedures to collect, process and encrypt sensitive personal data in accordance with the requirements, set out in the General Data Protection Regulation (“GDPR”), which was enforced on 25th May 2018. Sayint Inc is here to help customers and end-users understand significance of the GDPR, its requirements and our adherence to comply by global standards.
Introduction to GDPR
The General Data Protection Regulation 2016/679 (GDPR) replaces the existing data protection regimes in place throughout the European Union (EU), including the UK. It introduces a number of new obligations and requirements on controllers and processors. Compliance with the new regulations will be of even greater importance following the enforcement date of 25th May 2018, because the GDPR has substantially increased the fines that can be imposed by the relevant regulatory bodies in the event of a breach – now up to a maximum of € 20 million or 4% of annual global turnover, whichever is higher.
Personal Data of EU citizen in one or the other way could be collected when using Sayint while we create databases of contacts, their information, and business dealings with them. “Data Subjects” are classified as an individual hence, not all customers will be data subjects. Businesses or government organizations are also our customers to which GDPR does not apply to.
Sayint Compliance to GDPR
We are actively engaged in developing policy and procedures to comply with the principles of data protection enumerated in EU GDPR. Our best effort is to protect personal data in accordance with the principles mentioned below and comply with the Data Protection Standards.
Lawful, fair and transparent
There is transparent, lawful and fair process for Personal data collection and its use at Sayint
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Limited for its purpose
We collect data for specified, explicit and legitimate purposes and not further processed in manner that is incompatible with those purposes.
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Any data we hold is accurate and kept up to date.
Personal data is securely processed, thus providing protection against unauthorized or unlawful processing, accidental loss, destruction or damage by using appropriate technical and organizational measures.
GDPR Obligations and Compliance
Sayint is committed to security, privacy and transparency of customer’s data and compliance to data protection requirements with respect to General Data Protection Regulation(“GDPR”). We assure our customers’ that Sayint has updated the features and functionality of their product and services to comply with the GDPR obligations. Here are some features that can support GDPR Compliance.
|GDPR Obligations||Compliance by Sayint|
Sayint also offers Data Processing Agreement for cross-border transfers of personal data from the EU.
|Rights to Access and Rectify||Sayint offers their client to access their profiles to amend inaccuracies or rectify any errors.|
|Right to be Forgotten||Sayints’ customers can delete or erase their profile if the processing is not justified. Customers must make a request through email to Sayint to process for deletion.|
|Right to Restrict Processing||The processing of personal data of the customers is limited for specified purpose related to the Sayint products and Services by documenting and implementing internal mechanisms.|
|Right to Data Portability||Provide data subjects with the right to transfer their personal data between data controllers.|
|Right to Object Processing||Sayint has documented and implemented internal mechanisms to stop processing upon specific data subject requests, for direct marketing purpose upon request, for any other statistical or scientific purposes.|
Sayint doesn’t process any data subject requests until and unless for the following reasons:
The personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed.
The data subject withdraws consent, and there are no other legal reasons for processing.
The data subject objects to processing, and there are no overriding legitimate grounds for processing.
The personal data has been unlawfully processed.
The personal data has to be erased for compliance with a legal obligation.
The personal data has been collected in relation to the offer of information society services to a minor under 16 years old.
Frequently Asked Questions
What is Personal Data ?
Any data relating to an identified or identifiable natural person (‘Data Subject’) such as name, address, email address, phone number, educational background, financial details, educational details, nationality etc.
Who are Data Controllers, Data Processor, and Data Subjects ?
Data Controller: Controls purpose and means of processing. Direct responsibility to data subject and data protection authority.
Data Processor: Acts on instructions of Data Controller. Direct responsibility to data subject and data protection authority.
Data Subject: Persons in the EU
Who is Data Protection Officer (DPO)? Do you have any dedicated DPO ?
The DPO is responsible for informing employees of their compliance obligations as well as conducting awareness trainings, monitoring, and audits required under GDPR. Yes, we have dedicated DPO. Any queries related to GDPR can be answered at firstname.lastname@example.org.
Do you have processes in place for data breach ?
Yes, we have data breach procedures in place that enables us to react immediately and thus notifying the affected parties within 72 hours of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
What are the advantages of using cloud or Software-as-a-Service (SaaS) for GDPR compliance ?
Foremost advantage of using cloud services or SaaS is that the provider is already operating on a secure model for data management. This provides a safe environment to manage and process our data, and also accommodate efforts required to keep pace with changing policies.
For how long do you store customer data ?
We store customers’ data for the time of using our services or until they request to delete their data.
How do you handle Data subject’s rights?
Data Subjects have a right to have Access and Delete their personal data. We at Sayint immediately take action on request for Access or Deletion of their data by verifying the identity of anyone making a subject access request.
Where is your customer data physically stored ?
Does GDPR require EU data to stay in the EU ?
No, it doesn’t place any restrictions on transfer of personal data outside the EU and thus it is not required EU personal data to stay in EU. Data transfers to and fro from EU can be legitimized in various ways which includes EU-US Privacy Shield, Model or Contractual clauses etc.
How Privacy and “Privacy by Design” are handled by Sayint ?
We have procedures in place for Privacy Impact Assessments which enables us to design a Business process handling personal data and its protection. The GDPR is making privacy by design a major provision and, as a consequence, the inclusion of data protection as a key design element becomes an integral objective of any system design, at the very onset.
If you want more advice and help, get in touch with us at email@example.com today.