GDPR Compliance
Effective Date: 31st Aug 2022
Introduction
Zintlr is dedicated to ensuring compliance with the General Data Protection Regulation (GDPR) while providing valuable data services to our clients. This GDPR compliance document outlines how we adhere to GDPR as both a data processor and data controller.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection regulation enacted by the European Union (EU) to safeguard the privacy rights and personal data of EU citizens. GDPR came into effect on May 25, 2018, and it imposes strict requirements on the processing of personal data.
How GDPR Impacts the Sales and Marketing Industry
GDPR has significant implications for the Sales and Marketing industry, especially when it comes to data processing. Key aspects include
Consent: Contacts in the EU must provide explicit permission before receiving marketing communications.
Legitimate Interests: Direct marketing may be considered a legitimate interest under GDPR, but it must align with individuals' reasonable expectations.
Data Subject Rights: GDPR grants individuals rights over their data, including the right to access, rectify, and erase their personal information.
Data Processing by Zintlr
Zintlr may process personal data for various purposes, acting as both a data processor and data controller, depending on the specific context of data processing.
Legal Bases for Data Processing
Consent:
Explanation: Zintlr may process personal data when explicit consent has been obtained from the data subject for specific processing purposes. Example: Zintlr obtains consent from individuals to process their contact information for the purpose of sending them marketing communications.
Legitimate Interests:
Explanation: Zintlr may process personal data when we have a legitimate interest, provided that this interest is not overridden by the rights and interests of individuals. Example: Zintlr may use legitimate interests to process data for direct marketing purposes. For instance, we may collect and process contact information to provide industry insights to potential clients who have shown an interest in our services.
Contractual Necessity:
Explanation: Zintlr processes personal data when it is necessary to fulfill contractual obligations with clients or individuals. Example: If Zintlr enters into a contract with a client to provide data-related services, we may process data to deliver those services, such as generating tailored reports based on specific data requirements.
Data Subject Rights under GDPR
Under GDPR, data subjects have specific rights regarding their personal data. Zintlr respects these rights and is committed to facilitating their exercise:
Right to Confirmation
Right to Access
Right to Erasure
Right to Data Portability
Right to Object to Processing
Transparency and Consent
Zintlr is committed to transparency in data processing. We provide clear information about data processing activities, including purposes, legal bases, and rights of data subjects. Consent is obtained when required, and individuals are informed about their rights regarding data processing.
Data Security Measures
Zintlr employs robust data security measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. We conduct regular security assessments and maintain industry standards in information security.
Data Incidents
Zintlr has established data incident response processes to address and notify data breaches promptly. We take steps to minimize any potential impact on data subjects.
Contact Information
For inquiries or requests related to PDPA compliance, please contact our Data Protection Officer (DPO) at [email protected].
Conclusion
Zintlr is dedicated to PDPA compliance and ensuring the privacy rights of individuals while delivering high-quality data services to our clients. This document outlines our commitment to data protection and our compliance with PDPA.