We have a mobile application that acts as a shopping mall - users register in our application (so we process their personal data), and we have various shops that offer their products and services through our application. Once a user wants to purchase a product/service, we process the payment through the payment processor, and forward the personal data of the user to this shop so that the shop can deliver the product/service directly to the user.
So the question is: are we joint controllers with these shops according to GDPR?
Videos and names
Hi there Dejan,
I just have a quick question. I recorded videos of my Zoom teaching and I always had verbal consent of my students, since the video only shows me, nobody or nothing else. I do say the first name of my students though, when I correct them. Now since I am teaching a lot less online again I have been asked to put up a YouTube channel. I initially didn't think I would ever use the recordings for more than just my own analyzing process. But now I was wondering, is it a data right conflict if I say people's first names in the videos and upload them publicly? They do not talk and most of them I could probably contact and ask if they're ok with it. Just in case I miss a name somewhere of someone I didn't ask, and I repeat I never mentioned the last name nor are they seen anywhere, nor do I say anything but a correction to them, would this be considered a violation of data/personal rights already?
Thank you so much in advance. I am sure you usually have other clients. Thank you so much for taking the time to read this.
1. We are a processor and have received a data subject access request via the controller for personal data that is bundled together with personal data from several different persons - how should we respond, because if we provide any information, we would reveal personal data from other data subjects as well?
2. For a company based in the UK, should we register the name of our DPO with the ICO?
Sale of a small beauty salon
I am selling a small beauty salon in the province of ***. I am wondering how and whether I can hand over the data from the management software to the new buyer; after all, she is paying me for the goodwill and expects the clients' numbers... thank you
Hi. I am brand new to a DPO role. How would it work if we hold data for customers outside of the UK, do we need to follow any GDPR guidelines for their country or as long as we have details in our Privacy this covers us?
Basic question on GDPR
I have a few basic questions on GDPR
1. Is there a version in GDPR? (e.g. 9001:2015, 27001:2013 etc. standards)
2. If yes, what is the duration in which we get a new version?
3. Will there be significant changes from the older version?
4. Do we have to study & remember all the chapters 1 to 11 (99 Articles) explained in GDPR?
5. What do we have to study to pass CIPM certifications?
Transfer of personal data under GDPR
Hello, our company processes customers' personal data for the Client. We are providing consulting services for the customers, including consulting on air transportation issues. If a particular customer asks to transfer his/her personal data to a third party service provider which deals with these issues to assess the possibility of entering into a contract with such customer, would this third party service provider be a controller under GDPR before it enters into a contract with a customer? Or would it be in some different role? Thanks.
GDPR Checkpoints in ISO 27001 Audit Checklist
I purchased the ISO 27001 Audit Checklist and want to know which points / clauses in it are applicable as check point for GDPR.
Is consent obligatory for our products?
1. Do we have to use consent for our product, or can we use legitimate interest as the basis for our processing?
2. If we use consent, are we allowed to deny the user the use of our service if they do not consent?
For some background, our product is an IoT device which communicates with our web servers hosted on GCP, to store user emails and device sensor data in order to send out email alerts and provide sensor data visualizations. It also allows user control over the unit.
When speaking about international organizations: if transferring personal data to the US, what transfer mechanisms should be in place? Can you give an example?