LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

GDPR privacy policy

  Quote
Guest
Guest user Created:   May 12, 2018 Last commented:   May 14, 2018

GDPR privacy policy

1. Hi there, I am writing the GDPR privacy policy notice with EU jurisdiction in mind even though we are an American company? If so, what would be the governing office be where consumers could file a complaint?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu May 12, 2018
2. And how long are we required to keep information before have to destroy it?

Answers:

1. In order to be able to provide an answer you I would need more information on whether you are a controller or processor, what services you are providing, where are your customers located in the EU.
2. The EU GDPR states that data should not be kept “longer than is necessary for the purposes for which the personal data are processed” so there is not fixed period to do that unless there is a specific EU member state legal requirement to keep the date longer. This needs to be assessed o a case by case basis considering the purpose of processing as well as the type of data. For example, usually, invoices should be kept for 5 years

To learn more about the EU GDPR check out our free “EU GDPR Foundations Course” https://training.advisera.com/se/eu-gdpr-foundations-course//
Quote
0 0
Guest
raquelathelp May 14, 2018
Hi there, We are writing our privacy policy notice as a Controller in this case. We are a live chat software company. In this scenario we are writing the policy towards people who would visit our website and include their name/identifiable information in our information field so they can chat with us about our software. That means anyone in any country in the EU using our live chat could hypothetically be a data subject, even though we are an American company.
Quote
0 0
Expert
Andrei Hanganu May 16, 2018
Hypothetically yes, especially if you sell your chat software to EU companies this means you may be targeting data subjects in the Union.
Quote
0 0
Guest
raquelathelp May 16, 2018
Okay, so knowing this, when writing the privacy notice, should we say under EU law, under US law, or both?
Quote
0 0
Expert
Andrei Hanganu May 17, 2018
Only EU law
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 12, 2018

May 17, 2018

Suggested Topics

Guest user Created:   May 22, 2020 EU GDPR
Replies: 1
0 0

GDPR privacy policy - and Facebook

Guest user Created:   May 16, 2018 EU GDPR
Replies: 1
0 0

GDPR privacy policy

Guest user Created:   Sep 28, 2020 EU GDPR
Replies: 1
0 0

Privacy policy and GDPR docs