GDPR COMPLIANCE STATEMENT
What is GDPR Compliance?
The General Data Protection Regulation (GDPR - https://www.eugdpr.org/) is an EU-wide regulation for the protection of European citizens' data that came into force on 25th May 2018, and all companies that collect such data will need to comply with it. It establishes a set of compliance and security processes around managing personally identifiable information so that it is not misused. Currently there is no certification or license required or available for GDPR.
Sourcified’s commitment towards GDPR
Our members' right to privacy is a main priority for Sourcified and, because of this, compliance with international law and regulations is a core value. Our focus is to process payments securely and efficiently whilst adhering to the latest changes and updates within the payments industry and EU regulations.
We do so by:
- Building GDPR compliance for our IT infrastructure and IT services
- Having a designated Data Protection Officer (DPO)
- Raising awareness surrounding data collection and advertising
- Actively working to increase data protection to ensure a trusted and safe service
You can find more information about our GDPR efforts in:
- Terms of Service
- Extended Terms of Service
Where is personal data stored?
Our datacenters are located in the United States, the Netherlands and Malta.
Some of the key ways we comply with these regulations are:
- Consent. Sourcified explain what you’re consenting to and ask that you explicitly consent to contact from us.
- Breach Notification. In the event of a data breach we will notify affected members within 72 hours of first having become aware of the data breach.
- Right to Access. Members can request confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, we shall provide a copy of the personal data, free of charge, in an electronic format. We will send this copy to your registered email address.
- Right to be Forgotten. Once we have compared your rights to the public interest in the availability of the data, we may delete your personal data where you have requested this.
- Data Portability. We allow you to receive the personal data concerning you, which we will provide in a commonly used and machine-readable format, and you have the right to transmit that data to another data controller.
- Privacy by Design. We implement appropriate technical and organisational measures, in an effective way, in order to meet the requirements of this Regulation and protect the rights of data subjects. We hold and process only the data absolutely necessary for the completion of our duties (data minimisation), and we limit access to personal data to those who need to carry out the processing.