General Data Protection Regulation (GDPR)
Organizations established in the EU and processing personal data of EU-based individuals are, in almost all cases, required to comply with the GDPR as of May 25, 2018. The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals.
The team at Improver is fully committed to the requirements of the GDPR. Our experts have closely analyzed the requirements of the GDPR and continue to monitor new guidance on best practices for implementing the requirements of the GDPR. We have taken these new requirements to heart and made changes to our terms, services and policies to ensure that we are fully in compliance with the GDPR.
Your Rights Regarding Your Personal Information
We respect your privacy rights and therefore you may contact us at any time and we shall work diligently to respect your choices and requests regarding your Personal Information. The purpose of the list stipulated below is to allow Users and Contacts to exercise their rights under applicable privacy and data protection regulations:
- Right of Access: You may request to access your Personal Information and obtain a copy of Personal Information which is being processed by Improver. In the event that you request to know what Personal Information is being processed by us, we will provide you with the following information free of charge: purposes of processing; categories of Personal Information processed; recipient(s) of Personal Information; length of time during which the Personal Information will be stored; your privacy rights; and information on data transfers. Such requests will be made by sending a request to email@example.com, please make sure to provide your relevant details.
- Right of Rectification: You may request to change, update or complete any missing data we process about you, by sending an email to firstname.lastname@example.org with your relevant details. Please note that we may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
- Right of Erasure: You may at any time withdraw your consent to our processing of your Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of your Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase your data. Such withdrawal of consent will be made by sending an email to email@example.com with your relevant details.
- Right of Restriction of Processing: You may request us to restrict processing of your Personal Information if one of the following applies: (i) the accuracy of the Personal Information is contested by you; (ii) the processing is unlawful; or (iii) if we no longer need the Personal Information. Such request will be made by sending an email with the relevant details to firstname.lastname@example.org.
- Right to Data Portability: You have the right to receive the Personal Information in a structured, commonly used and machine-readable format. Such request will be made by sending an email with your relevant details to email@example.com
Personal Information will be retained by Improver in such a way that you can be identified only as long as is necessary for Improver’s processing activities (“Processing Date”). Improver will adopt the same retention policy for all Users regardless of their place of residence, which will follow the reasonable mandatory retention period, which is 7 years as from the Processing Date.
Please note that we may retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements.
If you wish to remove profiles existing in our servers you may send an email with your relevant details to firstname.lastname@example.org.
Please be notified: some of the information that is gathered about you may arrive from the web and is public by other platforms. In some cases, you may encounter your details again after request for removal, in case they were re-collected over the web, contributed by other partners or in other means that are not including access to your device. We recommend you to periodically check your profile or the Services to ensure that your then-existed profile or account include only the information you chose to have displayed.
Legal Basis for processing
The biggest myth about the GDPR is that consent is the only way to lawfully process personal information concerning EU data subjects. While consent is one basis for lawful processing, it is not the only one. Improver’s lawful basis for processing is its legitimate interest in providing its services to its user, empowering the users to fight fraud online and verifying and authenticating online identities.
The categories of recipients of the personal data
In order to provide our service, we may share certain personal data with companies and individuals that subscribe to our service. We may also share personal data with the following recipients: (i) our subsidiaries; (ii) subcontractors and other third-party service providers (e.g. payment processors, advertisers and marketers, hosting services, etc.); (iii) auditors or advisers of our business processes; and (iv) any potential purchasers or investors in Improver.
Transfer of Data to a Third Country
If we transfer personal data outside of the EU or EEA, we only do so in accordance with the legal mechanisms set out in the GDPR (for example, the Privacy Shield or to territories which have been deemed by the European Commission as providing an adequate level of protection).