The General Data Protection Regulation (GDPR) was introduced to align all EU member state' methods of data regulation. It will protect EU citizens from for organizations handling data irresponsibly. GDPR will come into force May 25, 2018.
How the General Data Protection Regulation (“GDPR”) affects your business depends on how you interact with personal data. Under the GDPR, “personal data” means any information relating to an identified or identifiable natural person(a 'data subject'), including by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
GDPR separates these roles into two groups: Data Processors or Data Controllers.
These include businesses that provide goods, services, track or monitor EU residents and decide why and how (the “purposes and means”) personal data is collected and processed. If you are using Daylite, or Billings Pro and have EU customers, you are likely a data controller under the GDPR.
These include businesses that process data on behalf of data controllers.
Marketcircle is recognized as a data processor. We understand our obligations under the GDPR as both a data controller and when acting as a data processor on your behalf.
You may request access to your personal data which we may hold. We will need to verify your identity before providing you with the personal data we hold about you and once completed, we will respond within the time periods provided for as applicable under GDPR. There is no cost for such access request unless you require copies of records. We may not be able to provide you with access to your personal data if the information cannot be separated from the personal data of others, cannot be disclosed for reasons of security or commercial confidentiality, or is protected by legal privilege. If we cannot provide you with access to your personal data, we will advise you of the reasons access is being denied, unless we are prohibited by law from doing so.
You may ask us to update and change your personal data. We will endeavour to correct or update any personal data which you advise us is inaccurate or incomplete. Where appropriate, the amended information will be transmitted to third parties having access to such information.
Please contact us and begin the process to exercise your right to access. If you require your data provided in a specific format please indicate this during your initial request.
You may request that we terminate your account with us at any time. We will need to verify your identity before erasing the personal data that we hold about you and once completed, we will retain the personal data and database records associated with your account for up to ninety (90) days after we confirm that we have completed your request to delete your account and personal data. We will delete your personal data and database records from our servers, unless there is a legal or regulatory requirement for us to retain your data for a longer period. Your data cannot be recovered once it is removed from our servers.
Please contact us and begin the process to exercise your right to erasure.
You may obtain and reuse your personal data for your own purposes across different services. You can move, copy or transfer personal data easily in a safe and secure way.
If your company requires a DPA (data processing addendum), please download this file. Once your information has been filled in and the document has been signed, please email it to email@example.com. Once received, we'll send it back to you with our signature.
If your business collects data about people and businesses in the EU, you are likely a data processor and you need to be compliant with GDPR. Check out below and read the support articles which outline general workflows and processes you may use as at part of your GDPR strategy.