What is GDPR?
The European Union’s General Data Protection Regulation, or GDPR, enhances the existing framework for companies that process the personal data of EU-based residents. It comes into effect on May 25, 2018, bringing with it a host of new obligations for those companies, and new privacy rights for their end users. Processing data can mean many things, from collecting data to storing and using it. Organizations large and small that process the personal data of EU-based individuals are now preparing for the new regulation, and piHAPPINESS is no exception.
GDPR also applies to organizations located outside the EU:
Unlike the Data Protection Directive, the GDPR is relevant to any globally operating company, not just those located in the EU. Under the GDPR, organizations may be in scope if (i) the organization is established in the EU, or (ii) the organization is not established in the EU but the data processing activities are with regard to EU individuals and relate to the offering of goods and services to them or the monitoring of their behaviour.
General Data Protection Regulation Act.
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed.
Data Processor means any natural or legal person who processes the data on behalf of the Data Controller.
Data Subject is any living individual who is using our service and is the subject of Personal Data.
piHAPPINESS GDPR Commitment
piHAPPINESS gives utmost importance to the data privacy of its customers. In compliance with the GDPR, effective from May 25, 2018, piHAPPINESS hereby confirms the data privacy, security and transparency commitment that the company offers to all its customers. We have an up-to-date Data Processing Agreement in place that sets out our approach to the GDPR. We acknowledge that the GDPR will help us adopt the highest operational standards and will thereby help us protect customer data in the best way possible.
What Is piHAPPINESS Doing to Support Its Users in Meeting the Requirements of GDPR?
Principles for Processing Personal Data
Our principles for processing personal data are:
Fairness and Lawfulness. When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
Restricted to a Specific Purpose. The personal data of the Data Subject must be processed only for specific purposes.
Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used.
What Personal Data We Collect and Process
In order to execute the Agreement, and in particular to perform the Services on behalf of Customer, Customer authorizes and requests that piHAPPINESS Process the following Personal Data:
Customer Information: Information that we may collect from your use of the piHAPPINESS websites and your interactions with us offline such as:
Contact Information: Name, home address, telephone or mobile number, email address, passwords, address, state, province, ZIP/postal code, and city.
Financial Information: Credit card number and billing information (tax ID, payer's VAT number, billing address, billing email, where invoices are sent). The credit card number is handled by Network.ae (our payment gateway), by PayPal, or by other types of payment; piHAPPINESS only charges your credit card for payments.
piHAPPINESS deals with customer information according to the terms of our general
Services Data: Data that resides on piHAPPINESS, customer or third-party systems to which piHAPPINESS has provided access to perform services. Data stored and processed by users, such as: source code for the application, databases that the applications use, files generated by applications, and the history of operations performed by users.
How We Use the Personal Data
piHAPPINESS uses the collected personal data for various purposes:
To provide you with services
To notify you about changes to our services and/or products
To provide customer support
To gather analysis or valuable information so that we can improve our services
To detect, prevent and address technical issues
Legal Basis for Collecting and Processing Personal Data
piHAPPINESS's legal basis for collecting and using the personal data described in this Data Protection Policy depends on the personal data we collect and the specific context in which we collect the information:
piHAPPINESS needs to perform a contract with you.
You have given piHAPPINESS permission to do so.
Processing your personal data is in piHAPPINESS's legitimate interests.
piHAPPINESS needs to comply with the law.
Retention of Personal Data
piHAPPINESS will retain your personal information only for as long as is necessary for the purposes set out in this Data Protection Policy. piHAPPINESS will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Data Protection Rights
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, you have the following data protection rights:
- The right to access, update or delete the information we have on you
- The right of rectification
- The right to object
- The right of restriction
- The right to data portability
- The right to withdraw consent
The most referenced consequence of non-compliance with the GDPR is the maximum fine that can be levied against a non-compliant organization. The maximum fine that may be levied is 4% of global revenue or 20 million EUR, whichever is higher. Certain other types of infringements carry a maximum fine of 2% of global revenue, or 10 million EUR, whichever is higher. Less frequently referenced are the data protection authorities’ (“DPAs’”) powers under Art. 58 of the GDPR. These powers include the ability for the DPAs to impose corrective actions, such as a temporary or definitive limitation on data processing activities, including a complete ban on data processing, or to order the suspension of data flows to a recipient in a third country.
Our GDPR Readiness Checklist
1. DPA updated
2. Terms of service updated
4. Data Protection Officer appointed
5. GDPR training given to all employees that handle customer data