Bringing you up to date with GDPR Compliance, necessary for businesses wishing to operate in the European Union.
REVCURV has made every effort to provide a detailed overview of GDPR compliance and how it supports REVCURV business to operate within the confines of this regulation, especially when it comes to customer data and its verification through REVCURV. The following compliance guide only reflects the practices, procedures and upgrades introduced in the internal working of REVCURV to make its services GDPR complaint. Individuals who still have concerns over REVCURV's GDPR compliance are advised to engage the services of a legal counsel in order to have a better understanding of GDPR compliance and the liabilities that come along with it.
GDPR came into effect on 25th May 2018, and REVCURV has wasted no time to make its services fully compliant with the EU’s User Data and Protection guidelines. REVCURV have adopted an approach of data process control to better protect the interests of not only REVCURV's clients but their customers as well.
Here is a summary of GDPR sections that are applicable for the customers and users of REVCURV services.
GDPR needs the websites and online businesses to intimate users that they are using cookies. The language of this intimation is also desired by GDPR to be easily understandable for an average user. Consent is required from the user before they are tracked because of these cookies. We have updated our cookies policy in this regard as well.
GDPR only allows collection of user data for a legal reason. REVCURV only collects data for verification purposes as per the legal agreement signed by REVCURV and its customers. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement.
GDPR requires businesses and websites to forget and delete the user data when requested by the user REVCURV has taken steps to provide full control to the end-users about their data that they have submitted for identity verification.
Here is our Plan for GDPR Compliance
The GDPR legislation was formed to harmonise data privacy laws across Europe. Empowering all EU citizen’s data privacy in the process, and to reshape how organizations approach data privacy in a secure and transparent manner.
At REVCURV, major efforts have been made to assist our users, businesses and our clients, by helping them to understand what GDPR means for their businesses and to assist them in establishing a compliant process of their own. Considering that aspect, we have made improvements to our REVCURV platform to ensure that we stand at par with the GDPR measures.
REVCURV has prepared a Plan for you to understand, how GDPR operates behind the scenes, when a customer interacts using our service.
Here is the Process:
Let us say that Patrick is an owner of a local service business and lives in Letterkenny, Ireland. for GDPR purposes Patrick is referred to as the Data Subject.
REVCURV acts as the service provider acting and the owner of Patrick's data, and for GDPR purposes is known the Controller.
REVCURV's partner company XYZ Ltd is hosting Patrick's data and for the purposes of GDPR is known as the Processor.
Here is how Patrick might interact with REVCURV:
All the above stated steps gather user data from the Data Subject on behalf of the Controller that is passed on to the Processor.
User Data Uploads
User Data means any data, content, code, video, images or other materials of any type that Data Subject uploads, submits or otherwise transmits to or through REVCURV's services. The Data Subject will retain all rights, title and interest in and to User Data in the form provided to REVCURV. REVCURV stores data on industry secured servers located within Switzerland, and are monitored. The Data Subject having granted the processing rights of the User Data, XYZ Ltd, the Processor, is automatically granted a non-exclusive, worldwide, royalty-free right to;
(a) collect, use, copy, store, and transmit User Data, in each case solely to the extent necessary to provide the applicable Services to the Data Subject
(b) The Data Subject hereby grants to XYZ Ltd, the Processor all necessary rights to use, reproduce, modify, create derivative works from, distribute, perform, transmit and display the Data Subject Information solely to the extent necessary to provide the Services which will include the right for REVCURV to grant equivalent rights to its service providers that perform services that form part of or are otherwise used to perform the Services.
Access to Data
The Services may include access to certain areas of the REVCURV back-office environment. Where security concerns are not an issue, the Data Subject may be able to access and download (either manually or via API) their personal data. This facility maybe subject to security audits by XYZ Ltd, the Processor, and may be revoked at any point in time in accordance with the audit parameters.
You may instruct us to provide you with any personal information we hold about you; and provision of such information will be subject to:
We may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information for marketing purposes.
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
We will use your personal data for the purposes of automated decision-making in relation to a payment verification process, and the marketing on any unique service promotions. This may include the storing of your residence address, name, date of birth, credit/debit card number, passport details and driving license details.
This automated decision-making will involve checking the information provided by you, and matching that with any identity document information previously submitted by you to REVCURV.
The significance and possible consequences of this automated decision-making are to verify your identity and authenticity of your documents, based on which your chosen process will proceed further.
Users Individual Rights Request
The GDPR enhances the rights of individuals in a number of ways.
Access and Privileges
The Data Subject can request access to the personal data that has been shared with REVCURV about him or herself. Personal data is anything identifiable, like the full name and email address. If access is requested, XYZ Ltd (as the Processor) needs to provide a copy of the data, in most cases in a machine-readable format (e.g. CSV or XLS).
The Data Subject can also request to see and verify the lawfulness of processing.
The Data Subject can seek access to their data by asking REVCURV of what they require at firstname.lastname@example.org. We at REVCURV believe we have a legal and moral obligation to facilitate any manner of an individual rights request.
REVCURV enables you to grant any access request by easily exporting user records into a machine-readable format.
In the manner same as accessing information, the Data Subject can request REVCURV to modify any personal data, if it is inaccurate, incomplete or requires any sort modification or amendment.
The GDPR requires that XYZ Ltd the Processor, be able to accommodate modification requests, as and when required.
Under GDPR, the Data Subject has the right to request that REVCURV delete all personal data it has collected from the Data Subject. This can be done by sending the request to email@example.com.
On receipt of this request the Processor is required to permanently remove a Data Subject from their database, including verification results, all personal information, saved images/video, form submission data and credit card data. The Data Protection Officer, at XYZ Ltd, the Processor, in most cases will respond back within a 30-day period.
In many cases, the right to deletion is not absolute, and can depend on the context of the request, so it does not always apply.