Goverlan GDPR Statement


Our Commitment to GDPR

On May 25th, 2018, the European Union's (EU) new data protection framework, the General Data Protection Regulation (GDPR), comes into effect. It is the most significant piece of data protection legislation to date and will impact any organization that processes personal data in connection with goods/services offered to an EU resident, or monitors the behavior of persons within the EU. The GDPR strengthens individuals' privacy rights by placing tighter limits on the processing of their personal data, significantly expanding their rights over their data, and providing increased transparency into the nature, purpose, and use of it.

Goverlan Inc. is committed to providing the highest level of user rights and PII protection to our visitors and customers. We have chosen to use the European Union’s General Data Protection Regulation (GDPR) as a core reference to achieve the highest level of compliance and trust for both our EU and non-EU customers and prospects. As such, Goverlan Inc. is committed to achieving compliance with the GDPR by the May 25th, 2018 enforcement date.

This site provides an overview of the steps we are taking and helps address the questions you might have about GDPR and Goverlan Inc.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personally identifiable information (PII) of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based.

Personally identifiable information is defined as information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g. email address, IP address…) that can identify a person uniquely, or quasi-identifiers (e.g. race) that can be combined with other quasi-identifiers (e.g. date of birth) to successfully recognize an individual.

Under the GDPR, what are my Rights?

Data subject rights form the core of GDPR, and companies must implement these rights in the context of their individual EU clients.



  • Right to information: This right provides the data subject with the ability to ask a company for information about what personal data (about him or her) is being processed and the rationale for such processing. For example, a customer may ask for the list of processors with whom his or her personal data is shared.
  • Right to access: This right provides the data subject with the ability to get access to his or her personal data that is being processed. This request provides the right for data subjects to see or view their own personal data, as well as to request copies of the personal data.
  • Right to rectification: This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.
  • Right to withdraw consent: This right provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for a purpose. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier.
  • Right to object: This right provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
  • Right to object to automated processing: This right provides the data subject with the ability to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not consider the unique situation of the customer.
  • Right to be forgotten: Also known as right to erasure, this right provides the data subject with the ability to ask for the deletion of their data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.
  • Right for data portability: This right provides the data subject with the ability to ask for transfer of his or her personal data. As part of such request, the data subject may ask for his or her personal data to be provided back (to him or her) or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.

What steps is Goverlan Inc. taking to comply with GDPR?

We are actively working to address GDPR compliance for all our EU resident users through the following steps:

  • Mapped an overview of all our systems to document the storing, consumption and transfer of PII.
  • Introduced an updated Privacy and Cookie Policy that reflects our new obligations under the GDPR.
  • Introduced a Data Processing Addendum to our terms and services.
  • Obtained confirmation from our vendors of their GDPR sub-processor compliance.
  • Made technical changes to our web site and cloud platforms to comply with the GDPR’s requirements and enhanced data subject rights.
  • Updated our Enterprise Security Incident Response Plan to execute Data Breach Notifications under the terms of the GDPR.

We have also created a Privacy Dashboard from where you can control your privacy settings. To access it, go to the footer section of any page and click on My Privacy Settings.

Inquiries

If you have any questions about this statement, or the status of Goverlan Inc.’s GDPR compliance, please send your request to privacy@goverlan.com.