Information Governance Policy and GDPR compliance statement — Digiteum

Information Governance Policy

General

The General Data Protection Regulation (GDPR), adopted on 14 April 2016 and in force since 25 May 2018, is the law that enables a comprehensive approach to data protection, enhances the rights of individuals to their personal data, ensures control over data collection and processing, and places a range of new obligations regarding data protection policies and operations on organizations and companies.

This regulation applies to the processing of personal data belonging to EU residents, carried out by organizations operating both within and outside the EU.

Our commitment

At Digiteum, we strongly believe that new regulations will improve personal data security, ensure better protection of individuals and groups in modern data-driven economies, encourage diligence and responsibility of all concerned parties and create the infrastructure for lawful, fair, relevant and transparent data practices.

Therefore, Digiteum declares commitment to the new regulations and initiates a range of inventory, infrastructure, technology, documentation, operation and policy measures to comply with the GDPR.

Definitions

Any information that can be used to directly or indirectly identify a natural person – data subject (name, email address, location, etc.) – is considered to be personal data and falls under the provisions of GDPR.

At Digiteum, we collect personal data (name, email address, location, etc.) of www.digiteum.com and www.digiteum.co.uk users who have expressed their prior consent and willingly provided their information on these websites (filled in an online form, requested download, etc.) and of some of our clients’ employees (name, email, title, Skype ID, etc.) who take part in ongoing collaborations with Digiteum.

Use of personal data

Digiteum collects personal data such as name and email address to reply to a user’s query affirmatively submitted on www.digiteum.com and www.digiteum.co.uk, to provide requested content or services, and to conduct marketing activity that individuals willingly expressed interest in via a positive opt-in consent (i.e., subscribing to newsletters). Digiteum does not collect any sensitive personal data.

According to the GDPR, any organization should have, document and be able to validate a lawful basis for using personal data. Digiteum confirms all the personal data obtained and further processed is collected by means of genuine opt-in consent created according to the standards of the GDPR.

We regularly review and update our consents to make sure they follow all legal standards. We make it easy for individuals to withdraw their consent at any time with no penalties. Please, email us at hello@digiteum.com to withdraw your consent. We will act on your withdrawal request as soon as possible.

In certain circumstances, Digiteum collects personal data from individuals in a direct contractual relationship with the company (Digiteum partners, clients, clients’ employees). In such cases, the contractual relationship becomes the lawful basis of data collection, usage and storage.

Individual rights

Digiteum adheres to core data protection principles and is committed to processing personal data transparently, lawfully and fairly, ensuring its correctness, integrity and security, and addressing the rights of data subjects with respect and responsibility. In compliance with the GDPR, Digiteum guarantees the fulfillment of these individual rights.

Right to be informed

We openly and transparently inform individuals how and why we collect and store their data, what data we collect, how we implement data protection and what rights individuals have with regard to the personal data stored with us.

Right of access

Individuals can request to confirm that their personal data is stored with us and access their personal data to ensure the lawfulness of data collection and correctness of their data. 

Right to rectification

Individuals can request to rectify their personal data if they find it incomplete or incorrect. 

Right to erasure

Individuals can request to erase their personal data stored with us. We have procedures in place to fulfill such requests and reply to the individual’s query in the shortest time possible.

Right to restrict processing

Individuals can withdraw their consent or request to restrict the use of their personal data. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. We reserve the right to lift the restriction in case the processing of certain data is legally necessary, according to the GDPR. In this case, we inform the individual in advance and explain why we have to lift the restriction.

Right to portability

Individuals can request to obtain the personal data they store with us and further reuse it for other purposes.

Right to object

Individuals can object to the usage of their personal data for marketing, scientific, research, or other legitimate purposes.

Rights related to automated decision making including profiling

We do not perform automated decision making including profiling.

Please email us at hello@digiteum.com to send your request regarding the rights listed above. We fulfill these requests in the shortest time possible, but no longer than one month from receipt of the request.

Our responsibility

At Digiteum, we treat the GDPR with full responsibility, take the necessary steps to prepare the company and implement the regulations, document these steps when needed and introduce technical and organizational measures to comply with the new law.

Third-party services

Digiteum may use third-party services, for example, when we communicate with our clients via email or send newsletters to our subscribers. In these cases, we choose to work only with reliable and trusted third-party services that comply with data protection law and openly demonstrate their commitment.

To store clients’ employees’ data, we use a remote cloud solution provided by Microsoft Corporation and rely on Office 365 as our communication means. Microsoft Corporation is compliant with the GDPR and ensures all the services provide adequate data protection and security. You can learn more here.

To store the data collected on a consent basis via www.digiteum.com and www.digiteum.co.uk, we use Zoho CRM and Hubspot. Both Zoho CRM and Hubspot are committed to protecting user rights and privacy and take necessary measures to comply with the GDPR. You can learn more here and here.

Documentation

We keep records of the purposes and means of processing personal data when it’s necessary.

We regularly review the records to make sure our processing activities are relevant, up-to-date and valid. In order to maintain consistent commitment within the company, we perform audits and trainings to make sure fair data processing practices are observed by all staff members.

Data protection

We adhere to the principle of “data protection by design and default,” which means that we emphasize the importance of introducing privacy-first measures at the very start of any project, activity or interaction with any website user, client or organization in general.

In order to enforce data protection principles within the company, we regularly assess and analyze our activities associated with data collection, usage, storage and security. Digiteum’s activity with the personal data we obtain is not considered high risk and does not directly require introducing systematic Data Protection Impact Assessment (DPIA) practices, nor assigning a Data Protection Officer (DPO). However, we take extra effort to monitor risks and make sure our data practices are secure in all ways.

The nature of Digiteum’s activity with the personal data we obtain does not imply the necessity of signing up to a code of conduct or certification related to data protection, nor does the GDPR make it obligatory. However, Digiteum does consider working towards complying with the approved codes of conduct that cover relevant activities.

Data security

At Digiteum, we understand the importance of integrity, availability and confidentiality of personal data. Therefore, we assign personal data processing only to the trusted services which guarantee the security of all the procedures and operations. Office 365, Zoho CRM and Hubspot implement necessary security measures such as encryption, robust data security policies, controls and systems for data safety, integrity and confidentiality. You can learn more about Microsoft Office 365 data security here, Zoho CRM data security here, and Hubspot data security here.

Data transfer

Digiteum does not transfer personal data outside the EU unless the transfer is made on behalf of Digiteum by one of the third-party services we rely on for storing and using data, such as Zoho CRM, Microsoft Corporation and Hubspot. In these cases, Zoho CRM may transfer data to the US, which is recognized by the European Commission as a third country that provides adequate protection. Microsoft Corporation may store personal data in data centers around the globe, provided that all the data centers meet stringent security requirements, including the EU-U.S. Privacy Shield Framework and Swiss data protection law. You can find out more about Microsoft Corporation data transfer security here. Hubspot cloud infrastructure is hosted on Amazon Web Services (AWS) and data is stored in the U.S. and EU. Digiteum websites are hosted by WordPress on servers in the EU (the Netherlands).

Personal data breach

At Digiteum, we have strict breach recognition, investigation and reporting procedures. Taking into consideration the GDPR provisions and the risks of personal data breaches, we make the best efforts to report any security breach within 24 hours and further fix the problem within the next 12 hours after it was reported.

These terms may fluctuate depending on the severity of the breach. However, we commit to informing relevant authorities and affected individuals no later than 72 hours after the detection of a high-risk breach.

Children

As stated in our Privacy Policy, we do not knowingly collect information from users under 16 years old. If we are made aware that we have such personal information, we will take reasonable steps to erase this information immediately.

If you have any questions or queries regarding our GDPR compliance and our Privacy Policy, please don’t hesitate to contact us using our contact form or directly at hello@digiteum.com.

This page was revised and updated on November 22, 2020.
