Optiwiz

GDPR

What is GDPR

Overview

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe. The GDPR is intended to protect and empower all EU citizens when it comes to data privacy and to reshape the way organizations across the region manage data.

Basic GDPR terms

Data Subject: Any information that enables a person/entity (aka: the data subject) to be identified such as by a name, identification number, location data, or an online identifier. This can also reference one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the data subject. This refers to Optiwiz’s customers’ clients.

Controller: The natural or legal person, public authority, agency, or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data. This refers to Optiwiz’s customers.

Processor: Any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction at the direction of a Controller. This refers to Optiwiz.

Rights of the Data Subject

Optiwiz (as a Processor) enables its customers (the Controllers) to comply with their users’ (Data Subjects’) requests to exercise the Rights of the Data Subject under Articles 12–23 of the General Data Protection Regulation (GDPR).

Right of access by the data subject

The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not their personal data is being processed.

The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the controller may charge a reasonable fee based on administrative costs.

What it means with respect to Optiwiz

Optiwiz will facilitate the export of the Data Subject’s information, at the request of a Controller, including:

  • Any user identifiers
  • Attributes
  • Activity for that user

Right to rectification

The Data Subject shall have the right to update or correct, without undue delay, inaccurate personal data concerning their information maintained by the Controller. If the Controller has disclosed the personal data in question to third parties, they must inform the data subjects of the rectification wherever possible.

What it means with respect to Optiwiz

Controllers are provided with a facility to modify or update user profile data as necessary.

Right to erasure (‘right to be forgotten’)

The Data Subject shall have the right to obtain, from the Controller, the deletion of personal data concerning them.

What it means with respect to Optiwiz

Controllers are provided with a facility to delete user profile data as necessary.

Right to restriction of processing

The Data Subject shall have the right to obtain, from the Controller, restriction of processing where the personal data is inaccurate, the processing is unlawful, or the Controller no longer needs the personal data for the purposes of the processing.

A Data Subject who has obtained a restriction on data processing shall be informed by the Controller before the restriction on processing is lifted.

What it means with respect to Optiwiz

Controllers are provided with a facility to restrict the processing of user data.

Right of data portability

The Data Subject shall have the right to receive a copy of their personal data collected by the Controller. It should be in a structured, commonly used and machine-readable format. The Data Subject has the right to transmit that data to another controller without hindrance from the original Controller.

What it means with respect to Optiwiz

Controllers are provided with a facility to export data as necessary.

Right to object

There are three basic rights that can be used with regard to objecting to the processing of personal data under GDPR:

  1. Processing for direct marketing purposes
  2. Processing for scientific, historical research, or statistical purposes
  3. Processing based on two specific purposes:
    1. related to processing for specific purposes
    2. or which is justified on a particular basis.

There is no right for an individual to object to processing in general.

What it means with respect to Optiwiz

Controllers are provided with a facility to restrict user data when there is an objection to processing.