The General Data Protection Regulation (“GDPR”), which is in effect as of May 25, 2018, is an iteration of the existing data protection law defined and enforced by the European Union.
TapReason Ltd. (“Company”) is committed to ensuring that its services comply with the GDPR, and that its client can continue to use its services. Company has for months designated an internal team, which are accompanied by the Company’s legal consultants and other professional and expert consultants, for the sole purpose of ensuring all required actions are taken in order to achieve GDPR compliance.
Please see below a general overview which details the Company’s compliance with GDPR for additional information please contact us at: [email protected]
Technological Organizational and Security Standards
The Company has completed an in-depth audit data mapping out all of the Personal Data and data sets which it processes, as well as the technical and organizational security measures used in order to safeguard and protect such data. For additional information, please see Company security policy available at: TapReason’s security policy.
Company has ongoing training for its personnel and employees with regards to the GDPR, Company’s data practices and the importance of data security.
Transparency to Regulators
Company maintains accurate and accessible written records to the extent legally required to provide supervisory authorities, all in a timely manner, as required under applicable laws including the GDPR.
In accordance with GDPR, data subjects may exercise the following rights: (i) request to access Personal Data; (ii) request the rectification of Personal Data; (iii) request the erasure of Personal Data; (iv) request to restrict processing of Personal Data; (v) object to processing of Personal Data; (vi) request to exercise right of data portability; (vii) right to file a complaint to a supervisory authority; and (viii) right to withdraw consent (to the extent applicable). In order to exercise any of the above rights please download our form and send it to [email protected]
Company has implemented a process, in the event of a data breach and will provide the data controllers, the regulators and the end users with an immediacy of notification to the extent required under applicable law.
Our Legal team is busy ensuring our legal documentation is updated to reflect any changes and to include the mandatory Processor provisions required by Article 28 of the GDPR.