The General Data Protection Regulation (“GDPR”) takes effect on May 25, 2018. In attempt to harmonize and simplify data-protection laws, the regulation introduces new requirements regarding processing of personal data of data subjects located in the EEA.
Citta (“Company”) is implementing GDPR compliance with urgency and seriousness to all of the Company’s products and platforms. The following is a general overview which details the Company’s compliance with GDPR.
Company only processes personal data to the extent necessary and in accordance with applicable privacy laws including the GDPR. In addition, Company does not lease, sell or distribute data. According to agreements with third party providers, Company’s DPO actively monitors Third Party’s adherence to GDPR.
In addition, Company has ensured all documents, including without limitations, agreements, privacy policies online terms, IOs are compliant with the GDPR.
The Company completed the process of mapping out all of its data (including all data sets) and it technical and organizational security measures, all as stipulated in our security policy.
Company maintains accurate and accessible written records to the extent legally required to provide authorities and legally entitled users, all in a timely manner. In accordance with GDPR, data subjects may exercise the right to access, rectification, restrict processing, erasure, data portability, the right to complain to a supervisory authority and the right to not be subject to automated processing.
Company has the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. Company’s DPO has implemented robust training processes in the event of a data breach and will provide regulators and users with an immediacy of notification to the extent required under applicable law.
Company has appointed a DPO in order to ensure ongoing compliance with the GDPR which can be contacted at: firstname.lastname@example.org