The regulation mandates the use of operational and technological controls for protection against data violation and grants new rights for individuals in the treatment of their data. The updates will automatically come into effect for all existing customers and users on May 25th, 2018.
Does everyone need to be GDPR compliant? Only organizations dealing with EU Citizen and Resident data. If this is not you, GDPR does not apply.
When does it go into effect? May 25, 2018
Will this affect my experience using the Asset Panda Platform? No, you should not experience any change in how you use Asset Panda and our platform will continue to provide you with the experience you’ve come to know and trust.
Please feel free to contact us at firstname.lastname@example.org if you have any questions or feedback. We will review all feedback and will take action as appropriate. Please keep in mind that we may not respond to these requests individually.
To withdraw consent from communications and related activities, please go into your account setting and change your communication options or click on the unsubscribe link in our communication emails. Alternatively, reach out to email@example.com to withdraw your consent.
To withdraw consent from processing, please delete your data in the platform, cancel your account, or reach out to firstname.lastname@example.org.
Data Controller Terms
Collection of Data
We collect the following categories of Personal Data about you when you use or otherwise interact with our Products:
- Email address
- Telephone number
- Job Title
- Physical Address
- Payment information
- IP addresses and other information collected passively
- Device identifiers
We collect and/or process your data in connection with the below activities:
- Account creation, including Trial Accounts
- Use of certain Product features
- Generating reports based on information collected from use of our Products
- Requesting service and support for our Products and providing such support
- Placing transactions or orders
- Participating in an online survey
- Billing and collecting payments for our Products
- Registering for newsletter subscriptions (this may involve third party tools such as HubSpot or MailChimp)
- Customizing the advertising and content you see, both on our website and the standard social content sites (e.g. Facebook, Twitter, and Google)
Asset Panda Processing of your Controlled and Processed Data
We will only process your data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Products) and our “legitimate interests” or the legitimate interest of others (e.g. our users) such as:
- Personalizing, improving or operating our Products and business
- Better understanding your needs and interests
- Fulfilling requests you make related to the Products
- Providing you with information and offers from us
- Complying with our legal obligations, resolving disputes with users, enforcing our agreements
- Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
- We process data for purposes such as:
To process your orders and deliver the Products that you have ordered
- To provide reports based on information collected from use of our Products
- To keep you up to date on the latest Product announcements, software updates, software upgrades, system enhancements, special offers, and other information
- To provide support and assistance for our Products
- To provide the ability to create an account and have access to our Products
- To provide the ability to contact you and provide you with shipping and billing information
- To provide customer feedback and support
- To the extent, you choose to participate, to conduct questionnaires and surveys in order to provide better products and services to our customers and end users
- To personalize marketing communications (this may involve third-party tools such as HubSpot or MailChimp) and website content, both on our website and the standard social content sites (e.g. Facebook, Twitter, and Google), based on your preferences, such as in response to your request for specific information on products and services that may be of interest
- To meet contract or legal obligations
Data Processor Terms
Client data within the Asset Panda Platform will be processed for the following purposes:
- Data Storage and Retrieval by the Client
- Customer Trouble Shooting Help by Asset Panda’s Implementation and Sales Team, and
- Technical Troubleshooting by Asset Panda’s Development Team
Types of Data Processed
Technical and Organizational Security Measures
Please request the Report on Security Posture at email@example.com to view a description of the security measures. This is sensitive information that requires certain permissions to view.
Rights of Controllers
Controllers have the following rights:
- Must give consent to any new type processing done outside of original consent
- Must give consent if any entity other than Asset Panda is going to perform sub-processing outside of original consent
- Will have the choice of having personal data deleted or returned at the end of provision of services
- Will be assisted by the processor, insofar as possible, to fulfill controller obligations in response to requests for exercising data subject rights as well as compliance with Articles 32 to 36 of the GDPR
- To be informed of data breach without undue delay
After the termination of services, the client may request to have data within the platform returned and/or deleted. Asset Panda will provide support to the client in downloading and deleting the data (all clients have the ability to delete data and download data in multiple formats, such as Excel and pdf, and are given clear guidance during onboarding for how to do so). If the client decides to delete the data from the platform, it will be automatically deleted from the platform and after 30 be cycled (deleted) from all backups.
Data inside of the Asset Panda platform will be kept after termination of services in case the client would like to continue using Asset Panda services. The client can at any time delete data from the platform or request data to be deleted. If the client deletes the data, it will be fully cycled out of the Asset Panda environment in 30 days. If the client requests deletion by Asset Panda staff the time to deletion will vary depending on technical and resource bandwidth for deletion.
All personnel that interacts with client data are required to sign an NDA.
All data processing within the platform is performed by Asset Panda with the exception of file conversions which are performed by Cloud Convert. This processing by Cloud Convert and all additional processing is performed only at the explicit choice of the Client (e.g., if the Client chooses to send their Asset Panda data to another service provider through the use of API or opts to use the conversion mechanism).
Cloud Convert will only process data in the case that the client utilizes the file conversion function within Asset Panda. Additionally, Cloud Convert is GDPR compliant, only stores data for 24 hours at a maximum, and has a processing contract in place with Asset Panda pursuant to the sub-processing requirements of GDPR. In the case that a new sub-processor is required, Asset Panda will first ask for consent from the client.
The vast majority of processing is done in the United States and Europe in some rare instances.
Asset Panda’s Breach Notification policy is as follows:
“If processed data (i.e., data within the Asset Panda application) related to European Union citizens is breached, Asset Panda shall notify the controller (i.e., client), without undue delay after becoming aware of a personal data breach. Asset Panda is not required to notify the affected individuals whose data is within the application itself – that is the responsibility of the Controller of the data (i.e., the client who stored the data in the platform).
Asset Panda must document any personal data breaches related to European Union citizens, comprising the facts relating to the personal data breach, its effects, and the remedial action taken. This documentation will enable the supervisory authority to verify compliance with GDPR.”
Data Subject Rights
For data that is Controlled, Asset Panda will comply fully with each of these Rights. For data that is Processed, Asset Panda will assist the Controller (i.e., Client), insofar as possible, fulfill the Controller’s obligations in responding to requests for exercising data subject’s rights and in pursuit of Article 32 to 36 (as mandated in Article 30 of GDPR – Responsibilities of Processors).
To exercise any of your data subject rights, please contact the Organization who controls your data or firstname.lastname@example.org. Below are the Rights of Data Subjects:
Right to be Informed (Article 13)
At the time of collection of personal data from the data subject, the controller must provide the data subject with the information outlined by GDPR.
Right of Access (Article 15)
Data subjects have the right to obtain from the controller: confirmation as to whether personal data concerning him or her are being processed, a copy of all personal data, and additional information outlined by GDPR.
Right of Rectification (Article 16)
Data subject has the right to obtain the rectification of inaccurate personal data from the controller without “undue delay.”
Right of Erasure (Article 17)
The data subject has the right to obtain the erasure of personal data without undue delay from the controller.
Right to Restrict Processing (Article 18)
Data subject shall have the right to obtain restriction of processing from the controller.
Right to Data Portability (Article 20)
Data subject has the right to receive personal data concerning them in a GDPR-compliant format and has the right to have the data transmitted to another controller.
Right to Object (Article 21)
Data subject has the right to object at any time to the processing of personal data under certain situations outlined by GDPR.
Right in Relation to Automated Decision Making and Profiling (Article 22)
Data subject has the right not to be subject to a decision based solely on automated processing, including profiling.
Basic Data Controller and Processor Information
Name: Asset Panda, LLC
Address: 5729 Lebanon Road, Ste 144-269, Frisco, Texas 75034