(Last Updated May 14, 2020)
Introduction
Welcome to Daleelo Community Network GDPR PolicyPage
Daleelo Community Networkcreated this GDPR section on our website to go over what GDPR means foryou and the steps we’ve taken to ensure the protection of your personal data.
The EU General DataProtection Regulation (GDPR) comes into effect on 25 May, 2018 and places newobligations on organizations based in the EEA or which hold or processpersonally identifiable information (PII) about EU residents.
What is considered personal data?
According to the GDPRdirective, personal data is any information related to a person such as a name,a photo, an email address, bank details, updates on social networking websites,location details, or a computer IP address.
What does GDPR-compliant mean?
Daleelo Community Networkis working with an external auditor to ensure GDPR compliance. Part of thecompliance includes obtaining a signed Data Protection Agreement from every DaleeloCommunity Network customer before May 25, 2018.
Our Commitment to Data Security
Personal data collectedby Daleelo Community Network are processed in accordance with the law on legalprotection of personal data and other legal acts. All partners and affiliatesof Daleelo Community Network who know the secret of personal data must keep itsafe even after termination of the service or contractual relationship. Allpersonal data collected from this site complies with the principles of the EUGDPR Data Protection Act 1998 And May 25, 2018. By accessing this site youagree to the terms and condition of use and our privacy policy and consent tothe collection, processing, use or transfer of data as set out in this policy.
Article32 of the GDPR requires that controllers and processors have adequate levels ofsecurity in place for ensuring the confidentiality, integrity, availability –and more, of processing and other related activities.
Specifically, Article 32 requires Daleelo Community Network to implementappropriate technical and organizational measures to ensure a level of securityappropriate to the risk, including the following as deemed appropriate:
· Thepseudonymisation and encryption of personal data.
· Theability to ensure the ongoing confidentiality, integrity, availability andresilience of processing systems and services.
· Theability to restore the availability and access to personal data in a timelymanner in the event of a physical or technical incident.
· Aprocess for regularly testing, assessing and evaluating the effectiveness oftechnical and organizational measures for ensuring the security of theprocessing.
Daleelo Community Network commitment to confidentiality, integrity, andavailability – known as the CIA triad of information security, consists of thefollowing initiatives:
- Robust set of internal controls relating to the storing, processing and/or transmission of personal data for EU data subjects.
- Comprehensive information security and operational policies, procedures, and processes relating to all core InfoSec domains,
- Access Control
- Anti-Virus and Anti-Malware
- Data and Information Classification
- Data Backup and Recovery
- Database Policy
- Firewall Policy
- Internet Usage Policy
- Remote Access Policy
- Security Management
- Software Development Life Cycle
- Web Server Security Policy
- Workstation Security
- Annual security awareness training for all employees.
- Annual risk assessment initiatives for assessing relevant risks to the organization and taking necessary action for reducing risk exposure.
- Monitoring, as necessary, of all relevant third-party providers for which Daleelo Community Network has a business relationship with in terms of storing, processing, and/or transmitting personal data for EU residents.
Your Rights as a DataSubject
IfDaleelo Community Network is storing, processing, and/or transmitting personaldata for EU data subjects, then you must be made aware of the following rightsand privileges under the General Data Protection Regulation (GDPR):
- Right of Access: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
- Right to Rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. 2Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to Erasure (“Right to be Forgotten): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay when various grounds apply, however when a user violate any of our terms and conditions or privacy policy or perhaps share our material without permission, such user has no right to these clause, for they have waive such right to us.
- Right to Restriction of Processing: The data subject shall have the right to obtain from the controller restriction of processing when various grounds apply.
- Right to Data Portability: The data subject shall have the right to receive the personal data concerning him or her time frame to be decided by the data controller, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
- Right to Object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions? 2The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
GDPR Data Protection Scope
The General DataProtection Regulation (GDPR) was enacted by the European Union to deepen andharmonize personal data protection regulations. Now in effect as of May 25,2018, it is a comprehensive and clear set of guidelines that acknowledges thatdifferent “flavors” of personal data require different levels of protection.
GDPR applies to all business irrespective of the region or jurisdiction, nomatter where they are based, who collect and process personal data on EUresidents. Non-EU companies have to appoint a GDPR representative and will beliable for all fines and sanctions.
Some of the key requirements of the GDPR are:
- Consent: Organizations must get consent in the form of? Collect personal data, with the level of consent varying according to the type of personal data being collected.
- Data minimization: Responding to years of gratuitous collection of personal data by apps, with no clear purpose in mind, the GDPR stipulates that organizations can only collect personal data that is clearly related to a well-defined business objective. If an organization gathers personal data for one purpose but then decides it wants to use it for another purposes (such as consumer profiling), that could be considered non-compliance.
- Individual rights: Another key feature of the GDPR is the very clear rights that it gives data subjects (i.e., the individuals whose personal data is being collected) to understand why their data is being collected and how it is being processed. They have the right to object, to correct—and they have the right to be erased/forgotten. They also have the right to be notified (individually) if their personal data has been breached in a way that could endanger their freedoms and rights.
We as an organization havetaken a number of steps to ensure we are fully compliant with our obligations,and have clear policies and processes to respond to customer and partnerquestions.
Daleelo Community Networkhas comply with applicable legislation, regulation, statute or order which mayapply from time to time relating to the collection, storage and use of PersonalInformation including (without limitation) the Privacy Act 1988(Cth), the DataProtection Act 1998, the European Union General Data Protection Regulation May25, 2018 the Privacy and Electronic Communications (EC Directive) Regulations2003, the Data Protection (Processing of Sensitive Personal Data) Order 2000and comparable laws, as the case may be in the applicable jurisdiction, or anyamendments and/or re-enactments thereof.
How we are compliant with the EU GDPR regulation
This is a notice toinform you of Daleelo Community Network policy about all information that werecord about you. It sets out the conditions under which we may process anyinformation that we collect from you, or that you provide to us. It coversinformation that could identify you (“personal information”) and informationthat could not. In the context of the law and this notice, “process” meanscollect, store, transfer, use or otherwise act on information.
- We regret that if there are one or more pointsbelow with which you are not happy, your only recourse is to leave our websiteimmediately.
- Daleelo Community Network takes seriously the protectionof your privacy and confidentiality. We understand that all visitors to ourwebsite are entitled to know that their personal data will not be used for anypurpose unintended by them, and will not accidentally fall into the hands of athird party.
- Daleelo Community Network undertakes to preservethe confidentiality of all information you provide to us, and hope that youreciprocate.
- Our policy complies with the United States Courts accordinglyimplemented, including that required by the European Union General DataProtection Regulation (GDPR) and data protection regulation.
- The law requires us to tell you about your rightsand our obligations to you in regards to the processing and control of yourpersonal data.
- Except as set out below, we do not share, orsell, or disclose to a third party, any information collected through ourwebsite.
The operations of DaleeloCommunity Network are in accordance with the European Union's General DataProtection Regulation (GDPR), effective May 25, 2018. Daleelo Community Networkhas made the GDPR a priority, and we are and have always been fully alignedwith the regulation's intended result:
GDPR Scope
Passed in 2016, thenew General Data Protection Regulation (GDPR) is the most significant legislativechange in European data protection laws since the EU Data Protection Directive(Directive 95/46/EC), introduced in 1995. The GDPR, which becomesenforceable on May 25, 2018, seeks to strengthen the security and protection ofpersonal data in the EU and serve as a single piece of legislation for all ofthe EU. It will replace the EU Data Protection Directive and all the local lawsrelating to it.
We support the GDPR andwill ensure all Daleelo Community Network services comply with the GDPRprovisions effective from May 25, 2018. Not only is the GDPR an important stepin protecting the fundamental right of privacy for European citizens, it alsoraises the bar for data protection, security and compliance in the industry sotherefore Daleelo Community Network is committed to abide by all Dataprotection regulation.
Service / website Updates
Our service and website are being updated to help customers comply with theGDPR obligations relating to obtaining and recording consent. Consent approvalwill be available upon request. Other technology designed to automated dataaccess requests received from users will be released.
Privacy Policy
We have updated ourprivacy policy to ensure it complies with our obligations under the EU GDPRRegulation. You can learn more regarding our collection and use of yourpersonal information on our privacy policy page.
Data Security Policy
Daleelo Community Networkhas always been committed to ensuring we maintain our customers’ and theircustomers’ data as securely as possible. Details of our Data Security Policyconsistent with our obligations under the GDPR is available on our websiteterms and condition page.
Complaint
In the meantime, if you wish to submit a data request under the GDPR, or haveany additional queries, please contact our Daleelo Community Network privacyofficer at support@daleelo.com.