wavity.com is GDPR ready
At wavity.com, nothing to us is more important than our customers’ success and the protection of their data. With customers in nearly every country in the world, we adhere to the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. We’re here to help our customers in their efforts to comply with the GDPR.
What is the GDPR?
The European Union’s General Data Protection Regulation (GDPR) became applicable in May 2018 and established a structured and comprehensive framework on how to collect, process, use, and share personal data in order to protect the privacy rights of EU data subjects. The GDPR generally applies to any organization operating within the EU and any organizations outside of the EU that offer goods or services to customers or businesses in the EU – and process personal data of EU-based individuals.
The GDPR expands the privacy rights granted to European individuals and is designed to protect their data protection rights by strengthening the security and protection of their data, and strengthening their control over how their personal data is handled.
In the UK, parts of the GDPR were incorporated into local law by the enactment of the Data Protection Act 2018. On 31 December 2020, the remaining provisions of the GDPR were incorporated into local UK creating what is known as the “UK GDPR”. Currently, the UK GDPR contains very similar requirements to the EU GDPR. When we refer to “the GDPR” we are referring both to the EU GDPR and to the UK GDPR.
Roles and Responsibilities
The GDPR distinguishes between two main types of roles regarding the processing of personal data: “Data Controller” and “Data Processor”. A data controller determines the purposes and ways that personal data is processed, while a data processor is a party that processes data on behalf of the controller.
Customers who are using wavity.com’s services to process personal data for their own purposes and means will typically be considered as the “Data Controller”, and are primarily responsible for meeting all applicable GDPR requirements; while wavity.com serves as its customer’s “Data Processor”, processing such personal data on behalf of its customers.
Compliance with the GDPR?
Our legal and privacy teams regularly monitor and review our practices in order to ensure ongoing and full compliance with the GDPR, including:
- Reviewing and strengthening our security infrastructure and practices, data encryption in transit and at rest, backup, logs, and security alerts.
- Conducting periodical risk assessments and a data mapping processes to ensure proper management of personal data in accordance with GDPR’s requirements.
- Engaging in regular monitoring of the guidance around GDPR compliance and ensuring ongoing compliance with the GDPR through our internal procedures, processes and controls and recurring training sessions for the team.
- Enabling our customers to respond to data subject requests to exercise their privacy rights, and deleting or anonymizing analytics data of users after user’s deletion.
- Having procedures for handling suspected breaches concerning personal data, limiting use, disclosure and retention of personal data, and regularly conducting privacy training for all relevant members of our staff.
If you have any questions concerning wavity.com’s privacy program and our compliance with the GDPR, please feel free to Contact Us