Overview of GDPR
The General Data Protection Regulation (GDPR) is an EU law designed to give citizens more control over their personal data. Organizations handling data of EU citizens must comply with these regulations, ensuring data privacy and protection.
PurviewBPM’s Commitment to GDPR Compliance
- Privacy Policy Updates
- Our privacy policy has been updated to align with GDPR requirements. We ensure that EU citizens are informed about how their data is collected, used, shared, protected, and processed.
- Transparency
- We adhere to the principle of transparency, ensuring that information is clear, accessible, and written in plain language. Visual aids are used to enhance understanding. Information is made available through appropriate and easily accessible sources.
GDPR Compliance Measures
- Data Collection and Handling
- PurviewBPM collects and uses information about clients, suppliers, employees, business contacts, and others. Our GDPR policy outlines how this personal data must be collected, handled, and stored to comply with the law.
- Data Protection Practices
- We follow good data protection practices to:
- Comply with data protection regulations.
- Protect the rights of staff, clients, and partners.
- Be transparent about how we store and process personal data.
- Protect against data breaches.
Data Protection Principles
Under GDPR, personal data must:
- Be processed fairly and lawfully.
- Be obtained for specific, lawful purposes.
- Be adequate, relevant, and not excessive.
- Be accurate and kept up to date.
- Not be held longer than necessary.
- Be processed in accordance with the rights of data subjects.
- Be protected against unauthorized access and loss.
- Not be transferred outside the EEA unless adequate protection is ensured.
Responsibility and Risk Management
- Scope of GDPR Policy
- Our GDPR policy applies to:
- PurviewBPM’s headquarters.
- All branches of PurviewBPM.
- All staff and volunteers.
- All contractors and suppliers working on behalf of PurviewBPM.
- It also applies to all personal data we hold, regardless of its format.
- Data Protection Responsibilities
- Board of Directors: Ensures overall compliance.
- Data Protection Officer: Manages data protection duties, including policy review, staff training, and handling data protection queries.
- IT Manager: Ensures data security, conducts regular checks, and assesses third-party services.
- Marketing Manager: Manages data protection in communications and marketing initiatives.
General Staff Guidelines
- Data Access and Security
- Only authorized personnel should access data.
- Data should not be shared informally.
- Strong passwords must be used and kept confidential.
- Personal data should be regularly reviewed and updated.
- Unnecessary data should be securely deleted.
- Data Storage
- Paper records should be kept in secure locations.
- Electronic data should be protected by strong passwords and stored on secure servers.
- Regular backups should be performed and tested.
- Personal data should not be stored on personal devices.
- Data Use
- Personal data should be used responsibly and securely.
- Data should be encrypted before electronic transfer.
- Personal data should not be transferred outside the EEA.
Ensuring Data Accuracy
- Data Accuracy
- Efforts are made to ensure data is accurate and up to date.
- Clients can update their data via our website.
- Inaccurate data is corrected promptly.
Subject Access Requests
- Individual Rights
- Individuals have the right to request information about their data, how it is processed, and how to access it.
- Subject access requests should be directed to the Data Protection Officer at info@purviewbpm.com.
Data Disclosure
- Law Enforcement Requests
- Personal data may be disclosed to law enforcement agencies under specific circumstances, ensuring the request is legitimate.
Communication and Awareness
- Privacy Statement
- Our privacy statement explains how personal data is used and how individuals can exercise their rights.
Data Protection Officer Role
- DPO Responsibilities
- Ensures compliance, advises on data protection obligations, and serves as a point of contact for data subjects and regulatory authorities.
Rights of Clients and Partners
- GDPR Rights
- Clients and partners have various rights under GDPR, including access, rectification, erasure, restriction, data portability, objection, and more. Complaints can be filed with the data protection authority.
For more information, contact us at info@purviewbpm.com or call +1 775 964 8555.