The GDPR (General Data Protection Regulation) became effective as of May 25th, 2018. The GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.
Expedos’ policy is to respect all laws that apply to our business and this includes the GDPR. We are committed to helping our customers stay in compliance with GDPR and/or their local requirements.
The protection of personal and client data is at the forefront of our internal policies and procedures and has been entrenched into our employment culture.
Please review Expedo’s entities privacy and compliance pages to see what frameworks have been implemented to ensure the highest level of security to protect any data that is processed across all industries that our companies provide services in.
In addition, here are a few things that Expedo is committed to doing to ensure our compliance with GDPR and that of our customers:
- Where we are transferring data outside of the EU, Expedo commits to having the appropriate data transfer mechanisms in place as required by GDPR.
- Expedo commits to follow appropriate security measures and precautions in accordance with GDPR and other privacy laws outside of the EU.
- Expedo will assist with notifying regulators of breaches and promptly communicating any breaches to customers and users.
- We will ensure that employees authorized to process personal data have committed to confidentiality.
- Expedo performs annual vendor risk assessments on all sub-processors to ensure the highest level of security and data processing frameworks including their GDPR compliancy.
- Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.
- You have a direct contact at Expedo for data protection and GDPR, the Data Protection Officer. For any questions you have please contact – email@example.com
FAQ (To be drop down answers)
How does Expedo store and secure my personal information that is collected?
Expedo has implemented many systems and security measures to ensure data remains safe in transit and at rest, this always being encrypted. The infrastructure has been architected and designed with security and privacy at the forefront. All data resides on “private” networks and are not directly attached to the internet. A layered security model is in place and is configured as per industry best practice. Expedo also engages third party penetration testing consultants that regularly review and test the environment.
What rights do I have under the GDPR and surrounding my personal data?
1. The right to be informed – The data subject has the right to be informed about what personal data Expedo has and is processing about him/her.
2. The right of access – The data subject has the right to full and instant access to all personal data Expedo has of him/her.
3. The right to rectification – The data subject has the right to the rectification of any inaccurate data Expedo has concerning him/her.
4. The right to erasure – The data subject has the right to erase any or all data the controller has of the subject without any undue delay
5. The right to restrict processing – The data subject has the right to restrict/inform the controller how, what and when their personal data is processed for.
6. The right to data portability – The data subject shall have the right to receive personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transit those data to another controller without hindrance from the controller to which the personal data have been provided.
7. The right to object – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
8. The right in relation to automated profiling – The data subject has the right to decline controllers to use their personal data for automated decision making and profiling. The controller must offer an option to the data subjects if they wish to use personal data for this.
*Please note that not all rights can be exercised if the following applies:
· There is a legal obligation to process the data in question through the EU or member state law to which the controller is subject to or it is a risk that needs to be carried out in the public interest or in the exercise of official authority vested in the controllers
· There is a public interest in the area of public health
· In case of archiving in the public interest, for scientific, historical research or statistical purposes insofar as the deletion of the requested data might seriously impair the achievement of the objectives of that processing
· The data is needed to establish, exercise or defend legal claims
To exercise any of your rights below please contact: firstname.lastname@example.org
I would like more information on how my data is used, who is my main point of contact?
To place a data subject request or any other questions relating to the use of your data please email: email@example.com