2. DATA PROTECTION (GDPR) PRINCIPLES
THE GENERAL DATA PROTECTION REGULATION
The General Data Protection Regulation 2016 (GDPR) is one of the most significant pieces of legislation affecting the way that Globalink Logistics carries out its information processing activities. Significant fines are applicable if a breach is deemed to have occurred under the GDPR, which is designed to protect the personal data of citizens of the European Union. It is Globalink Logistics’ policy to ensure that our compliance with the GDPR and other relevant legislation is clear and demonstrable at all times.
There is a total of 26 definitions listed within the GDPR and it is not appropriate to reproduce them all here. However, the most fundamental definitions with respect to this policy are as follows: Personal data is defined as: any information on electronic, paper or other physical media relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; ‘processing’ means: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; ‘controller’ means: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
There are a number of the fundamental tenets upon which the GDPR is based. These are as follows: 1.Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’); (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’); (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’); (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’); (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). (g) excessive collection, storage and processing of personal data is not allowed and is limited to the achievement of specific, predetermined and legitimate purposes. (h) processing of personal data that is incompatible with the purposes of collecting it is not allowed, it is allowed to collect only data that meets the needs of our business and specific purposes. (i) the content and volume of processed personal data is strictly in line with the purposes of collection.
Whilst all efforts will be taken to protect your personal data, no data storage or transmission can be guaranteed as 100% secure. We endeavour to protect all personal data using reasonable and appropriate physical, administrative, technical, and organisational measures, and in accordance with our internal security procedures and applicable law. If you have been given or have created log-in details to provide you with access to certain parts of our Site, you are responsible for keeping those details confidential in order to prevent unauthorised access to your accounts.
NECESSARY COOKIES (ALL SITE VISITORS)
- PHPSESSID: To identify your unique session on the website.
5. WHO HAS ACCESS TO YOUR DATAIf you are not a registered client for our site, there is no personal information we can retain or view regarding yourself. If you are a client with a registered account, your personal information can be accessed by:
- Our system administrators.
- Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
6. THIRD PARTY ACCESS TO YOUR DATA
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us. Please see below:
7. HOW LONG WE RETAIN YOUR DATA
When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation.
If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.
8. SECURITY MEASURES
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
9. YOUR DATA RIGHTS
If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. AxiomThemes permits residents of the European Union to use its Service. Therefore, it is the intent of AxiomThemes to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.
10. RELEASE OF YOUR DATA FOR LEGAL PURPOSES
At times it may become necessary or desirable to AxiomThemes, for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.
Any passing on of personal data for legal purposes will only be done in compliance with laws of the country you reside in.