Embracing All Tones of Women Ltd’s Commitment to GDPR

Embracing All Tones of Women Ltd is, like many other companies, preparing for the General Data Protection Regulation (GDPR) [link to Privacy policy] when it comes into effect on 25th May 2018. We can assure you that we are taking the GDPR requirements very seriously and are working cross-functionally with all our teams to ensure that Embracing All Tones of Women Ltd’s privacy standards are always first class.

 

We believe that our current company practices are very respectful of our users’ privacy and all applicable privacy laws, but we are nonetheless using our GDPR readiness preparations as another opportunity to ensure that we do even better.

 

In case you have not already reviewed them, we also have a number of helpful articles on our website regarding Embracing All Tones of Women Ltd’s privacy and security compliance today:

  • Privacy Policy [insert link]

  • Cookie Policy [insert link]

  • Data Request Guidelines [insert link]

 

It is the intention of Embracing All Tones of Women Ltd to act in compliance with GDPR Article 5 by ensuring that personal data shall be:

 

  1. lawfully and fairly processed in a transparent manner in relation to individuals;

 

  1. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

  2. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  3. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

  4. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

  5. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

Embracing All Tones of Women Ltd acknowledges its role as a Data Controller who “shall be responsible for, and to be able to demonstrate, compliance with the principles.”

 

Some updates on our GDPR readiness plans:

 

Individuals Rights - Embracing All Tones of Women Ltd is committed to respecting the rights of Individuals with respect to their personal data. We have reviewed how we have collected data in the past and set processes in place for collection of data in future that complies with the new GDPR legislation. We have communicated with all Owners of Data informing them of our new Privacy Policy, informing them of how we will use their data, and giving them the option to opt in or out in relation to the different ways we collect, hold, use and share their data.

 

Lawful Basis for Processing Personal Data - Under GDPR, Embracing All Tones of Women Ltd is classified as a Data Controller. Embracing All Tones of Women Ltd has a lawful basis to collect, hold, use, and share data of clients and Users of our sites, platforms and pages. We have created a new Privacy Policy [insert link] where this is noted.

 

Consent - We have reviewed how we seek, record and manage consent and have amended our processes for doing this in order to be in compliance with GDPR.

Embracing All Tones of Women Ltd only collects, stores, uses, and shares data with individuals who have given consent using a positive opt-in freely given, specific, informed and unambiguous. Embracing All Tones of Women Ltd also has included simple ways for individuals to withdraw consent.

We have reviewed our marketing activities to ensure that all third parties where Embracing All Tones of Women Ltd products and services, and content relating to Embracing All Tones of Women Ltd products and services is promoted, also have taken steps to be in compliance with GDPR. As these third parties may be sources for initial communication with new Data Owners, we have ensured that the Privacy Policy of these third parties is in alignment with GDPR and with the Embracing All Tones of Women Ltd Privacy Policy.

We will inform all Data Owners that their personal data is being shared with those third parties and give the Data Owners the option to opt in or out.

 

Data Breaches - Embracing All Tones of Women Ltd has reviewed procedures for detecting, reporting, and investigating data breaches.

 

Reporting - Embracing All Tones of Women Ltd will report a data breach to the ICO where the breach is likely to result in the risk to the rights and freedoms of individuals, including discrimination, damage to reputation, financial loss, loss of confidentiality, or any other significant economic or social disadvantage.

 

Passwords - Passwords are an important aspect of computer use and security. All users, including contractors and vendors with access to Embracing All Tones of Women Ltd systems, are responsible for taking the appropriate steps to select and secure their passwords. Password complexity is enabled and a must.

 

Data Protection Officers – At Embracing All Tones of Women Ltd Data Protection falls under Technology/Infrastructure and Marketing. We have allocated a designated officer to manage Data Protection. In addition, Embracing All Tones of Women Ltd has notified all employees about GDPR and all employees have read the new Privacy Policy.

 

International - Embracing All Tones of Women Ltd only has operational facilities, and therefore its “main establishment” in the UK. The data protection supervisory authority for the UK is the ICO. The majority of Embracing All Tones of Women Ltd’s data falls within the UK. The lead supervisory authority for the UK is the ICO. Therefore, the ICO will lead any investigations regarding the data of Embracing All Tones of Women Ltd. The ICO may work with supervisory authorities from other jurisdictions where applicable.

 

Summary

 

We are confident of our ability to ensure that we (and by association our customers when using Embracing All Tones of Women Ltd can comply with GDPR by the deadline in May 2018. If you have any specific questions regarding the GDPR requirements and how this may impact your use of Embracing All Tones of Women Ltd please feel free to let us know [link to email address] and a member of our team will respond.

Copyright © 2018 EATOW | All Rights Reserved | Company Number: 10045401