Embracing All Tones of Women Ltd’s Commitment to GDPR
We believe that our current company practices are very respectful of our users’ privacy and all applicable privacy laws, but we are nonetheless using our GDPR readiness preparations as another opportunity to ensure that we do even better.
In case you have not already reviewed them, we also have a number of helpful articles on our website regarding Embracing All Tones of Women Ltd’s privacy and security compliance today:
Data Request Guidelines [insert link]
It is the intention of Embracing All Tones of Women Ltd to act in compliance with GDPR Article 5 by ensuring that personal data shall be:
lawfully and fairly processed in a transparent manner in relation to individuals;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Embracing All Tones of Women Ltd acknowledges its role as a Data Controller who “shall be responsible for, and to be able to demonstrate, compliance with the principles.”
Some updates on our GDPR readiness plans:
Consent - We have reviewed how we seek, record and manage consent and have amended our processes for doing this in order to be in compliance with GDPR.
Embracing All Tones of Women Ltd only collects, stores, uses, and shares data with individuals who have given consent using a positive opt-in freely given, specific, informed and unambiguous. Embracing All Tones of Women Ltd also has included simple ways for individuals to withdraw consent.
We will inform all Data Owners that their personal data is being shared with those third parties and give the Data Owners the option to opt in or out.
Data Breaches - Embracing All Tones of Women Ltd has reviewed procedures for detecting, reporting, and investigating data breaches.
Reporting - Embracing All Tones of Women Ltd will report a data breach to the ICO where the breach is likely to result in the risk to the rights and freedoms of individuals, including discrimination, damage to reputation, financial loss, loss of confidentiality, or any other significant economic or social disadvantage.
Passwords - Passwords are an important aspect of computer use and security. All users, including contractors and vendors with access to Embracing All Tones of Women Ltd systems, are responsible for taking the appropriate steps to select and secure their passwords. Password complexity is enabled and a must.
International - Embracing All Tones of Women Ltd only has operational facilities, and therefore its “main establishment” in the UK. The data protection supervisory authority for the UK is the ICO. The majority of Embracing All Tones of Women Ltd’s data falls within the UK. The lead supervisory authority for the UK is the ICO. Therefore, the ICO will lead any investigations regarding the data of Embracing All Tones of Women Ltd. The ICO may work with supervisory authorities from other jurisdictions where applicable.
We are confident of our ability to ensure that we (and by association our customers when using Embracing All Tones of Women Ltd can comply with GDPR by the deadline in May 2018. If you have any specific questions regarding the GDPR requirements and how this may impact your use of Embracing All Tones of Women Ltd please feel free to let us know [link to email address] and a member of our team will respond.