GDPR – General Data Protection Regulation
General Data Protection Regulation in GPS Services as a Controller
The European Union’s General Data Protection Regulation (“GDPR”), coming into effect in 25 May 2018, lays out a new set of rules for how the personal data of people living within the EU should be handled. It sets out the protection of personal data as a guaranteed right for all citizens across EU.
As a personal data processor when offering hosting services, GPS Services Ltd. is compliant with all the requirements of the regulation and meets the high standards “Data privacy by design and by default”. Only the required legal minimum of personal data is gathered, processed and kept secure with the appropriate technical and organisational measures.
Information about the Controller
Information about the Data Protection Officer
Information about the Supervisory Authority
Grounds for collecting, processing and storing your personal data
Art. 1. (1) GPS Services Ltd. shall collect and process your personal data in relation to the provision of hosting services, registration of domains, usage of virtual or dedicated servers and the conclusion of contracts with the Company on the grounds of Art. 6, Para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:
(2) GPS Services Ltd. shall be a controller regarding your data as the User of our services. With regard to the personal data you process using our services, GPS Services Ltd. shall act as a processor.
Purposes and principles for collecting, processing and storing your personal data
Art. 2. (1) GPS Services Ltd. shall collect and process the personal data you provide to us in connection with the use of our hosting services and for the conclusion of a contract with the Company as well as for subscribing to our events, including for the following purposes:
(2) GPS Services Ltd. shall comply with the following principles when processing your personal data:
(3) When processing and storing personal data, GPS Services Ltd. may process and store personal data to protect the following legitimate interests of theirs:
What kind of personal data shall GPS Services Ltd. collect, process and store?
Art. 3. (1) GPS Services Ltd. shall perform the following operations with personal data and for the following purposes:
(2) GPS Services Ltd. shall process the following categories of personal data and information for the following purposes, and for the following reasons:
(3) GPS Services Ltd. shall not collect or process personal data that relates to the following:
(4) Personal data shall be collected by GPS Services Ltd. from the persons to whom it relates.
(5) The Company shall not perform automated decision making with data.
Personal data storage period
Art. 4. (1) GPS Services Ltd. shall store your personal data for no longer than the duration of existence of your profile in the GPS server. Upon expiry of this period, GPS Services Ltd. shall take reasonable care to erase and destroy all your data without undue delay.
(2) GPS Services Ltd. shall notify you in case the storage period needs to be extended in order to achieve the purposes, the implementation of the contract, in view of the legitimate interests of GPS Services Ltd. or otherwise.
(3) GPS Services Ltd. shall keep the personal data that they are required to keep under the applicable legislation for the required term, which may exceed the duration of your registration.
Transfer of your personal data for processing
Art. 5. (1) GPS Services Ltd. may, at their sole discretion, transmit all or part of your personal data to personal data processors for the fulfillment of the processing purposes, subject to the requirements of Regulation (EU) 2016/679.
(2) GPS Services Ltd. shall notify you in case of intent to transmit all or part of your personal data to third countries or international organizations.
Your rights when collecting, processing or storing your personal data
Withdrawal of consent to process your personal data
Art. 6. (1) If you do not wish all or any of your personal data to continue to be processed by GPS Services Ltd. for a particular or for any processing purpose, you may, at any time, withdraw your consent to processing by filling in the form in your profile or a request in free text.
(2) GPS Services Ltd. may require you to prove your identity and your identity with the data subject.
(3) Your account shall become inactive if you withdraw your consent for the processing of personal data which is required for creating and maintaining your registration for the use of the services.
Right of access
Art. 7. (1) You shall have the right to request and obtain from GPS Services Ltd. confirmation as to whether or not personal data about you is being processed.
(2) You shall have the right to access the data relating to it as well as the information relating to the collection, processing and storage of your personal data.
(3) GPS Services Ltd. shall provide you, upon request, with a copy of the processed personal data about you, in electronic or other appropriate form.
(4) Providing access to the data shall be free of charge, but GPS Services Ltd. shall reserve the right to impose an administrative fee in the event of recurrence or disproportionate claims.
Right to rectification or filling in
Art. 8. You can rectify or fill in the inaccurate or incomplete personal data about you directly through your website profile or by sending a request to GPS Services Ltd..
Right to erasure (‘right to be forgotten’)
Art. 9.(1) You shall have the right to request from GPS Services Ltd. the erasure of the personal data about you, and GPS Services Ltd. shall have the obligation to erase it without undue delay where one of the following grounds applies:
(2) GPS Services Ltd. shall not be obliged to erase the personal data, if they store and process the data:
(3) In order to exercise your right to be ‘forgotten’, you should submit a request through the option in your profile or a written request sent to GPS Services Ltd. as well as to authenticate your identity and identity with the person to whom the data provided to GPS Services Ltd. relates, by presenting your ID card on the spot for identification purposes and, if necessary, entering your login data for the account of the person to whom the data relates before an employee of GPS Services Ltd..
(4) GPS Services Ltd. shall not erase the data that they have a legal obligation to store, including for protection against claims brought against them or proof of their rights.
Right to restriction
Art. 10. You shall have the right to request from GPS Services Ltd. restriction of processing of data about you where one of the following applies:
Right to data portability
Art. 11. (1) You may, at any time, download, directly through your profile or by email request, the data about you that are stored and processed in connection with the use of GPS Services Ltd. services.
(2) You can request GPS Services Ltd. to transmit your personal data directly to another controller, chosen by you, where technically feasible.
Right to receive information
Art. 12. You may request from GPS Services Ltd. to inform you of all recipients to whom personal data has been disclosed for which rectification, erasure or limitation of the processing has been requested. GPS Services Ltd. may refuse to provide this information if this would not be possible or would require disproportionate effort.
Right to object
Art. 13. You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data about you, by GPS Services Ltd. including profiling or direct marketing.
Your rights upon personal data security breach
Art. 14. (1) If GPS Services Ltd. become aware of a breach in your personal data that is likely to result in a risk to your rights and freedoms, we shall, without undue delay, notify you about this breach and about the measures that have been undertaken or are to be undertaken.
(2) GPS Services Ltd. shall not be obliged to notify you if:
Persons provided with your personal data
Art. 15. In case of violation of your rights under the above or applicable data protection laws, you shall have the right to file a complaint with the Commission for Personal Data Protection as follows:
Art. 16. You may exercise all of your rights to protect your personal data through the forms enclosed with this information. Of course, these forms shall not be mandatory and you can make your claims in any form that contains a statement about it and identifies you as the data holder.
Art. 17(1). When assigning GPS Services Ltd. to process personal data to a third party for the purposes of using the service, GPS Services Ltd. shall act in their capacity of a personal data processor.
(2). In the cases under Para. 1, GPS Services Ltd. shall act only on your instruction as the User of the service and only as long as they may have control over the personal data you are processing. GPS Services Ltd. shall have no control over the content and data that you as a service user choose to be uploaded to the service (including whether or not this data includes personal data). In this case, GPS Services Ltd. shall have no role in the decision-making process whether the User uses the data processing service, for what purposes and whether it is protected. Accordingly, the responsibility of GPS Services Ltd. in this case shall be limited to 1) complying with the instructions of the User of the service, pursuant to the contract and the general terms and conditions, and 2) providing information about the service and functionalities through their interface.