SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
The right toolkit
We provide a service to universities to manage retention. Universities transfer student and faculty information to us and then use the service to add data about student performance and actions taken to assist the student. I believe we would be considered a data processor rather than a controller. Is that correct? If so, which version of your toolkit would be most appropriate? -
Processing of the data
When the processing of the data was associated with a transfer to other companies or to the legitimate client of the responsible: -
GDPR privacy policy
1. Hi there, I am writing the GDPR privacy policy notice with EU jurisdiction in mind even though we are an American company? If so, what would be the governing office be where consumers could file a complaint? -
Gender and date of birth
In our members database we record: -
Being compliant with the GDPR
I'm working on making sure my website is compliant with the GDPR. I manage it for a company based in the US that sells products/services to the EU, although not on a frequent basis. I'm having trouble understanding the part about transferring EU users data to other countries. Specifically, I'm wondering how to handle the fact that we have a contact form on our website and the form submissions are stored on my web host, who is based in the US, but may also have multiple servers around the world (CDN). I've been searching the web, but haven't found an answer for this scenario yet. Any thoughts? -
3rd Party Contractors
We have third party contractors/freelancers who are employed on specific assignments and may have access to some of the data. They do not use it for any other purpose other than to deliver the work assigned by BF. They are also bound by Non-disclosure agreements. I assume they do not count as third parties, given the nature of the relationship between the Freelancers and Brand Finance and the strict limitations on what they can use it for. -
Childcare registers being GDPR compliant
Please could you advise what information we are permitted to have visible to a) staff and b) parents? There is essential information we need to have to hand ie. medical details but want to ensure we are GDPR compliant? Please could you help? -
Privacy notice/ Privacy policy
1. Could you please specify the difference between Privacy notice/ Privacy policy . Are both of them required ? -
Supplier Data processing Agreement
1. Is there any contract development document in the EU GDPR Documentation Toolkit (if I want to establish a contract between the controller and the processor)? -
Data Portability
I’m unsure about how we will provide users with a copy of their personal data. Is there any guidance on this? What type of data should be send to them? Eg. can ex-employees request copies of all emails they sent ?