MOBILITY HOLDINGS, LIMITED STATEMENT OF COMPLIANCE TO THE GDPR
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The main difference is that the regulation puts more onus on organizations for seeking and recording permission and for being transparent about what, how, and for how long data is stored and used. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The General Data Protection Regulation came into effect on 25th May 2018 and affects all organizations that hold data on individuals. The UK government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
CONFORMANCE TO GDPR
It is imperative we understand and keep up to speed with the rules and obligations of the GDPR. We take the GDPR very seriously. We have put systems in place to monitor and ensure that our data is compliant. This is a living document and we may update it whenever we think doing so will better achieve conformance to the GDPR.
In order to comply with the fundamental principles of the GDPR, we plan to implement the following data processing principles:
- Ensure we can easily locate and amend/delete contact details and inform third parties to do the same
- Ensure privacy notices remain accurate and up to date with the latest GDPR requirements
- Ensure individuals have access to their personal data so that they’re aware of and can verify the lawfulness of the processing
- Provide requested data without delay, within a month of receipt, and free of charge
- Immediately analyze any complaint regarding how information is used and provide a full explanation of how the individual’s information is used, its source, and its relevance to a use or marketing purpose
- Rectify individuals’ personal data if it is inaccurate or incomplete
- Clearly inform an individual and provide the right to decline when data is being shared with third parties
- Provide the “right to be forgotten,” enabling an individual to request that personal data is deleted or removed
- Stop processing data if an individual contests the accuracy of personal data; processing will stop until the accuracy of the data has been verified and approved
- Stop processing data as soon as an objection is received
- Provide data in a structured, machine-readable format such as a CSV file
- Deal with an objection at any time and free of charge
- Inform individuals of their right to object in privacy notices and at point of first communication
Data is to be deleted when:
- Data is no longer necessary in relation to the original purpose it was collected for
- The individual withdraws consent
- The individual objects to the processing and there’s no valid reason for continuing
- The personal data was unlawfully processed (a breach of GDPR)
- The data has to be erased to comply with a legal obligation
- If data that is subject to an erasure request was disclosed to third parties, we will contact those third parties regarding the data and request its deletion
DATA COLLECTION CONSENT
The GDPR sets a high standard for consent. Doing consent well puts individuals in control, building customer trust and engagement which enhances reputation. Below are the ways in which we have revised our consent mechanisms for obtaining personal data:
- Offering individuals genuine choice and control
- Requesting a positive opt-in, not a pre-ticked box or other method of consent by default
- Providing a very clear and specific data opt-in statement
- Naming any third parties who will rely on the consent
- Making it easy for people to withdraw consent
- Keeping evidence of consent (who they are, when they provided their details, how they provided them, and who they may have been shared with)
- Always reviewing and refreshing consent statements as and when anything changes
- Avoiding making consent a precondition of a service
RESPONSIBLE DATA PROCESSING
Mobility Holdings, Limited has implemented many updates to our policies and controls and feels that we are compliant with the new rules that came into force on 25th May 2018.
DESCRIPTION OF PROCESSING
We process personal information to enable us to produce and distribute printed material, promote our services, maintain our accounts and records, and support and manage our employees.
We sometimes need to share the personal information we process with the individual and also with other organizations. Where this is necessary, we are required to comply with all aspects of the General Data Protection Regulation (GDPR). If it is necessary to transfer personal information overseas, any transfers made will be in full compliance with all aspects of the General Data Protection Regulation.
Any Mobility Holdings GDPR-related questions and any data subject requests can be addressed to Mobility Holdings’ Data Protection Officer at firstname.lastname@example.org
Mobility Holdings, Limited
Attn: Data Privacy Officer
Chongxin Road, Sec. 5
Lane 609, #6, 8F-8
New Taipei City, 241 Taiwan, ROC