The GDPR establishes new requirements on companies that collect, use, and share data about EU citizens. As of May 25 2018, all companies handling data of EU citizens must adhere to these new data privacy and security measures, regardless of whether the organization is located within the EU or not.
Lawful processing of personal information under GDPR
Processing personal information by the Company shall be lawful only if and to the extent that at least one of the following applies:
- A user has given consent to the processing of his or her personal information.
- Processing is necessary for the performance of a contract to which a user is party or in order to take steps at the request of a user prior to entering into a contract.
- Member management, identification, etc.
- Performance of a contract in relation to providing the services required by users, payment and settlement of fees, etc.
- Compliance with relevant law, regulations, legal proceedings, requests by the government.
- Processing is necessary in order to protect the vital interests of users, or other natural persons.
- Detection of, prevention of, and response to fraud, abuse, security risks, and technical issues that may harm users or other natural persons.
- Processing is necessary for the performance of a task carried out in the public interest or in the excise of official authority vested in the Company.
- Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child).
User’s right when applying GDPR
The users or their legal representatives, as main agents of the information, may exercise the following rights regarding the collection, use and sharing of personal information by the Company:
- The right to access to personal information: The users or their legal representatives may access the information and check the records of the collection, use and sharing of the information under the applicable law.
- The right to rectification: The users or their legal representatives may request to correct inaccurate or incomplete information.
- The right to erasure: The users or their legal representatives may request the deletion of the information after the achievement of their purpose and the withdrawal of their consent.
- The right to restriction of processing: The users or their legal representatives may make temporary suspension of treatment of personal information in case of the disputes over the accuracy of information and the legality of information treatment, or if necessary to retain the information.
- The right to data portability: The users or their legal representatives may request to provide or transfer the information.
- The right to object: The users or their legal representatives may suspend the treatment of personal information if the information is used for the purpose of direct marketing, reasonable interests, the exercise of official duties and authority, and research and statistics.
- The right to automated individual decision-making, including profiling: The users or their legal representatives may request to cease the automated treatment of personal information, including profiling, which has critical impact or cause legal effect on them.
If, in order to exercise the above rights, you, as a user, contact the Company by sending a document or e-mails, or using the telephone to the Company (person in charge of the management of personal information or a deputy), the Company will take measures without delay: provided that the Company may reject the request of you only to the extent that there exists either proper cause as prescribed in the laws or equivalent cause.