The Barakah Sale: 25% OFF on all packages—grab it now before it’s gone! Register Now
The GDPR is the European Union’s new, comprehensive privacy and data protection law that will take effect on May 25, 2018. The primary aim of the GDPR is to regulate how the personal data of EU residents is processed – even by businesses that have no physical or legal presence in the EU. Organizations can face hefty fines for non-compliance: up to €20 million or 4 percent of annual global revenue, whichever is higher.
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data
Data Processor - the entity that processes data on behalf of the Data Controller
Data Subject - a natural person whose personal data is processed by a controller or processor
In this case, ‘TSQ media’ is the Data Controller. ‘ Pure Matrimony’ is the Data Processor. The end-user at Pure Matrimony is the Data subject.
Pure Matrimony is currently working on updating its data protection policies and continuing to review its security measures, as we always do, to stay at the forefront of evolving industry standards and best practices.
Pure matrimony is also taking a ‘data protection by design and default’ approach - putting appropriate data protection measures in place throughout the entire lifecycle of our processing operations.
Our contractual commitments guarantee that we can:
GDPR empowers data subjects with certain rights. Through these rights, data subjects can make a specific request and be assured that personal data is not being misused for purposes other than the legitimate purpose for which it was originally provided. Let us understand the different rights requests that a data subject can make as a customer, as an employee, and as personnel of a supplier.
1) Right to information
This right provides the data subject with the ability to ask a company for information about what personal data (about him or her) is being processed and the rationale for such processing. For example, a customer may ask for the list of processors with whom his or her personal data is shared.
2) Right to access
This right provides the data subject with the ability to get access to his or her personal data that is being processed. This request provides the right for data subjects to see or view their own personal data, as well as to request copies of the personal data.
3) Right to rectification
This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.
4) Right to withdraw consent
This right provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for a purpose. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier.
5) Right to object
This right provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
6) Right to object to automated processing
This right provides the data subject with the ability to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not consider the unique situation of the customer.
7) Right to be forgotten
Also known as right to erasure, this right provides the data subject with the ability to ask for the deletion of their data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.
8) Right for data portability
This right provides the data subject with the ability to ask for transfer of his or her personal data. As part of such request, the data subject may ask for his or her personal data to be provided back (to him or her) or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.
A rights request can be made by the data subject or their legal representative. Such individuals could be a customer, an employee, or personnel of a supplier working for the company. Also, such request should usually be made in writing.
The General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over uses of their personal information.
At this point, you may be asking how Pure Matrimony aligns with the privacy rights and where you can learn more about our support to GDPR compliance
Purpose of the GDPR Obligation |
Ensure transparent communication with data subjects regarding the processing of their personal data. Ensure data subjects are notified of their rights under the GDPR. |
Actions taken by Pure Matrimony in compliance with GDPR for You |
Pure Matrimony’s Terms & Conditions Agreement, Privacy Policy and Cookie Policy provide a transparent notice to inform its data subjects along with this GDPR FAQ to create awareness on the regulation and data subject rights. |
Exceptions to the GDPR Obligation |
A data controller is exempt from these obligations if it cannot identify which personal data in its possession relates to the relevant data subject (i.e., if personal data is anonymized and cannot be re-identified). |
Purpose of the GDPR Obligation |
Allow data subjects to require a data controller to rectify any errors in their personal data. |
Actions taken by Pure Matrimony in compliance with GDPR for You |
Pure Matrimony administrators and data subjects have access to their profiles to amend inaccuracies. |
Exceptions to the GDPR Obligation |
Provision of this right to a data subject should not adversely affect an organization’s intellectual property (i.e., giving access to a data subject should not require disclosure of trade secrets). |
Purpose of the GDPR Obligation |
Provide data subjects with the right to delete their personal data if the continued processing is not justified. For example, you may need to delete your customer’s personal data to comply with your GDPR obligations. |
Actions taken by Pure Matrimony in compliance with GDPR for You |
Pure Matrimony provides data subjects with the option to deactivate their accounts and request Pure Matrimony administrators to depersonalize their data. |
Exceptions to the GDPR Obligation |
A company is not required to delete data, except when one of the following reasons is present: · The personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed. · The data subject withdraws consent, and there are no other legal grounds for processing. · The data subject objects to processing, and there are no overriding legitimate grounds for processing. · The personal data has been unlawfully processed. · The personal data has to be erased for compliance with a legal obligation. · The personal data has been collected in relation to the offer of information society services to a minor under 16 years old. |
Purpose of the GDPR Obligation |
Provide data subjects the right to limit the purposes for which the data controller can process personal data. |
Actions taken by Pure Matrimony in compliance with GDPR for You |
Pure Matrimony has documented and implemented internal mechanisms for limiting the processing of personal data to only certain specified uses relating to Pure Matrimony products and services. Functionality is currently available to suspend/unsuspend data subjects. Pure Matrimony can also export and retain data while processing has ceased. |
Exceptions to the GDPR Obligation |
The requirement to restrict processing generally applies under the same circumstances as the right to be forgotten and/or when the following circumstances exist: · The accuracy of the personal data is contested (and only for as long as it takes to verify that accuracy). · The processing is unlawful, and the data subject requests restriction (and the data subject is not exercising the right to be forgotten). · The data controller no longer needs the personal data for the original purpose but still requires it to establish, exercise, or defend a legal right. · Verification of overriding ground is pending (in the context of a deletion request). |
Data Portability
Purpose of the GDPR Obligation |
Provide data subjects with the right to transfer their personal data between data controllers. |
Actions taken by Pure Matrimony in compliance with GDPR for You |
Pure Matrimony has developed and implemented mechanisms to enable its data subjects to export profile data. |
Exceptions to the GDPR Obligation |
Inferred and derived personal data (e.g., a message response rate, personality test report) are not included because they are not “provided by the data subject.” Data controllers are not obligated to retain personal data simply for the purposes of providing a copy of the personal data pursuant to a potential data subject request. |
Purpose of the GDPR Obligation |
Provide data subjects with the right to Cease processing personal data based upon specific data subject requests |
Actions taken by Pure Matrimony in compliance with GDPR for You |
Pure Matrimony has documented and implemented internal mechanisms to: · Cease processing personal data based upon specific data subject requests and the particular reasoning for objecting to processing. · Cease processing for direct marketing purposes upon request. · Cease processing of personal data for scientific, historical, or statistical purposes. |
Exceptions to the GDPR Obligation |
Data controller must cease processing upon request unless: · The data controller demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject. · The data controller requires the data in order to establish, exercise, or defend legal rights. · Processing for scientific, historical, or statistical purposes is carried out for reasons of public interest. |
Last Update : 18th May 2018.
Free to download