Guest
Is the EU-US Privacy Shield GDPR compliant?
Let's say a contact registers for my event wherein, while they register i have clearly given them option to "opt out" of any communication that goes out through me. If they do not "opt out", then does that give me the consent to contact them? Is not opting out, considered as giving consent to contact or do we need to add in "opt in" options like how we have "opt out" options?
I am looking for clarification on the GDPR process for legal basis for collection of personal information.
I would like to know a how long I should hold on to personal details, for example. Financial and Health Declarations.
How does your documentation help with digital consent registration (for example, a user accepts the cookies on my website or subscribes to a newsletter)? Since the consent needs to be stored or registered somewhere, but I don’t see it anywhere in your documentation.
I would like to know more about what it looks like when a partner company obtains personal data for its own company.
I am initially assuming that the partner will then be responsible for data protection? And or how exactly does this have to be contractually clarified or formulated?
I would be very happy to receive a feedback.
I am selling tickets to my online event. Can I save my customers information in my CRM and email them about the event they purchased a ticket for?
I sent an email to my company's HR about some issues, who said they wish to know who I am (i.e., whether I am an employee, customer, relation to an employee etc.) in order to keep their response GDPR compliant. Is this in any way GDPR-relevant, and would it not risk being less compliant by asking for more personal detail where it is most likely irrelevant to do so?
I did get the file and extracted it.
It has the additional files you mentioned, but there is not one for a Data erasure requests, only the confirmation of erasure. My question for you, is what should we use to confirm that someone has asked us to delete their data?
Should we use a combination of :
07.10_Confirmation_of_Data_Subject_Rights_Request_Premium_EN
07.6_Data_Subject_Access_Request_Form_Premium_EN
I asked a member of my voluntary organisation to email me her complaint about the conduct of other members of the organisation. She then sent me a file which contained potentially libellous allegations against a non-member. I forwarded the file to an another officer to be considered. In the meantime, the complainant has circulated that file without authorisation to other members of our organisation. Is the organisation or myself in breach of GDPR security, although I have only circulated the file to one other officer, whose advice was that we are not competent to consider the case of the person named in the file in connection with criminal misconduct (without any supportive evidence). Or is it only the complainant who may be guilty of a breach, for circulating her own personal and original copy of the file to others?