PastBook is Now GDPR Compliant:
Dear users and customers, we are glad to inform you that we are compliant with GDPR from May 25th, 2018.
We want to inform you of the actions that have been taken, the main intakes of our privacy and cookie policies, and finally we have listed your rights as a user.
- 1. Updated our privacy and cookie policies compliant with the GDPR
- 2. Consulted with internal and external experts to understand and take actions for the GDPR requirements
- 3. Created internal privacy policies that we will follow going forward when collecting and processing our customers' and users' data
- 4. Performed several risk and impact assessments to make sure that the data we process is in accordance with the GDPR measurement and instruction
- 5. Performed internal data auditing and made internal data matrix recording to make sure we understand how data is processed through our system
- 6. Signing and finalising all the Data Protection Addendum or Data Processing Agreements (DPA) with our third parties
- 7. Implementing consent management tools
Even though we are compliant with GDPR, it does not mean that we will stop improving ourselves on protecting our customer and user data. Our commitment to protecting customers’ data is a serious one. With our policy changes and internal improvements you can be assured that your content is safe and secure.
To begin with, PastBook is both Data Controller and Data Processor according to GDPR Article 24 and Article 28 respectively. This means that PastBook controls the data we possess as an owner, and we process these data with a legal basis.
1. What type of information we collect from you:
- 1.1. Users: name and surname, email address and/or Facebook ID, photos if manually uploaded.
- 1.2. Customers: postal address, order information and communication history if there is any and user information.
2. What the legal bases of processing are:
- 2.1. You have given your consent for one or more specific purposes.
- 2.2. Provision of Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
3. For what purposes we collect information:
We use, store, and process information including personal information about you to:
- 3.1. Complete and fulfill customer’s order.
- 3.2. Improve and develop PastBook’s service for all our users.
- 3.3. Send newsletters for keeping you updated about our product and service.
GDPR gives more rights to users/customers and we will keep the information about the data we keep about you more transparent. Below are your rights that you can exercise with the new regulation. Please feel free to email us at [email protected] if you have any requests related to your rights.
- 1. Withdraw your consent at any time: You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Data.
- 2. Object to processing of your data:You have the right to object to the processing of your Data if the processing is carried out on a legal basis other than consent.
- 3. Access your data:You have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- 4. Verify and seek rectification:You have the right to verify the accuracy of your Data and ask for it to be updated or corrected.
- 5. Restrict the processing of your data:You have the right, under certain circumstances, to restrict the processing of your Data. In this case, the Owner will not process your Data for any purpose other than storing it.
- 6. Have your Personal Data deleted or otherwise removed:You have the right, under certain circumstances, to obtain the erasure of your Data from the Owner.
- 7. Receive your Data and have it transferred to another controller:You have the right to receive your Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
- 8. Make a complaint:Users have the right to bring a claim before their competent data protection authority if they are located in the EU zone.