On May 25, 2018, the General Data Protection Regulation (GDPR) took effect in the European Union. The GDPR governs how both “Data Controllers” and “Data Processors” collect and process “Personal Data” of EU citizens (“data subject”). Based on well recognized privacy principles of accountability, fairness and transparency, GDPR brings long awaited consistency to data protection in the EU by harmonizing the existing patchwork of national data protection legislation across all EU member countries
This privacy statement is applicable on all companies and other persons (including Agile Space) related to the SmartLogicIT Solutions Services.
The SmartLogicIT Solutions Services controls and processes personal data of clients (including their clients) and staff. SmartLogicIT Solutions Services wants to realize a secure and safe controlling and processing of private personal data and safeguards, protects and guarantees privacy. The purpose of this statement policy is to clarify what the laws and regulations concerning private data imply for SmartLogicIT Solutions Services, for its the customers, partners and staff.
Our customers and staff should rely that SmartLogicIT Solutions Services handle their data carefully, fair and transparent. SmartLogicIT Solutions Services is dedicated to helping our customers, partners and staff navigate GDPR by protecting and respecting personal data, no matter where it is collected or processed, and is committed to compliance with applicable regulatory frameworks wherever, including GDPR and local laws.
This privacy statement can be adjusted from time to time if reviews necessitate this.
Under GDPR, there are six different legal bases under which personal data can be processed. It is SmartLogicIT Solutions Services policy to identify the appropriate legal basis for data processing and document it. These are briefly described below:
3.1 Consent
SmartLogicIT Solutions Services will collect and process the personal data with consent by data subjects. This consent must be revocable at any time.
3.2 Performance of a Contract
Where personal data collected and processed required to fulfil a legal contract with the data subject or to take necessary steps at the request of those concerned prior to entering into a contract, then explicit consent is not required. This also applies where SmartLogicIT Solutions Services has signed a legal contract with a client for the provision of our IT and Consultancy services and solutions and the data subjects’ personal data is necessary for completion of the contract. Note that where the client is not an individual, or where the client is not the same person as the data subject, the client will be required to confirm that it has a legal basis for providing the information on the data subject to SmartLogicIT Solutions Services.
3.3 Legal Obligations
Where SmartLogicIT Solutions Services acting as a Data Controller is required to collect and process a data subject’s personal data in order to comply with a legal obligation such as an EU member state’s employment or taxation legislation, then explicit consent is not required from the data subjects to process the data required.
3.4 Vital Interests of a Data Subject
Where personal data is required to be processed in order to protect the vital interests of the data subject or of another natural person, then such processing is regarded as lawful under the GDPR. SmartLogicIT Solutions Services will retain reasonable documented evidence to cover this case whenever this reason is used as the lawful basis for this type of processing of personal data.
3.5 Public Interest Tasks
Where SmartLogicIT Solutions Services is required to perform a task that we believe is in the public interest as laid down by law or as part of an official duty, then explicit consent is not required from the data subjects. The assessment of the public interest task or official duty will be documented by SmartLogicIT Solutions Services.
3.6 Legitimate Interests
If the processing of specific personal data is in the legitimate interests of SmartLogicIT Solutions Services and a proportionality assessment is carried out that determines that SmartLogicIT Solutions Services legitimate interests are not overridden by the interests or fundamental rights and freedoms of the data subject, then this may be defined as the lawful basis for processing. This will be documented by SmartLogicIT Solutions Services.
Each data subject can request to exercise the following rights under the GDPR with respect to the controlling and processing of their personal data:
4.1 The right to be informed.
4.2 The right to access the personal data processed.
4.3 The right to rectification of inaccurate personal data concerning him or her.
4.4 The right to erasure of the personal data where there are legitimate grounds for retaining it.
4.5 The right to restrict processing.
4.6 The right to receive the personal data provided to a controller concerning him or her (data portability).
4.7 The right to object processing of personal data concerning him or her.
4.8 The right not to be subject to automated decision making and profiling rights.
Requests to exercise these rights should be generally handled in one month.
Where the SmartLogicIT Solutions Services operates in various countries, where legally permissible, SmartLogicIT Solutions Services may store, use, transfer, and otherwise process personal data of staff, customers in countries outside of the country of their residence, which may have different data protection rules.
SmartLogicIT Solutions Services may transfer and/or disclose personal data of its staff and customers to any company within the SmartLogicIT Solutions Services group of companies and to specific third parties acting on SmartLogicIT Solutions Services behalf. Such intra-group international data transfers will be subject to legally binding agreements, which provide enforceable rights for data subjects.
This also includes processing data outside the European Economic Area. SmartLogicIT Solutions Services may transfer personal data outside the EEA to a third country or international organization that does not provide an adequate level of data protection, only with explicit consent.
SmartLogicIT Solutions Services will ensure that all (processing and (sub)processing) agreements it enters into with our clients, service providers or others, that involve the processing of personal data, are subject to a documented legal contract that includes specific provisions and terms as required by the GDPR.
GDPR requires SmartLogicIT Solutions Services to notify relevant Data Protection Authorities (DPAs) within 72 hours of becoming aware of a personal data breach unless the breach is unlikely to result in a risk to the rights and freedoms of impacted data subjects. SmartLogicIT Solutions Services must also notify impacted data subjects without undue delay when a high risk to rights and freedoms is likely. SmartLogicIT Solutions Services as a processor must notify their clients (data Controller) of a data breach without undue delay. As SmartLogicIT Solutions Services BV is established in Amsterdam, the Dutch DPA is SmartLogicIT Solutions Services lead authority.