Privacy Protection - Legal guidelines
1) Lawful, fair and transparent processing
Companies that process personal data are asked to process the personal data in a lawful, fair and transparent manner. What does this mean?
2) Limitation of purpose, data and storage
Companies are expected to limit the processing, collect only that data which is necessary, and not keep personal data once the processing purpose is completed. This would effectively bring the following requirements:
3) Data subject rights
The data subjects have been assigned the right to ask the company what information it has about them, and what the company does with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data.
As and when the company has the intent to process personal data beyond the legitimate purpose for which that data was collected, a clear and explicit consent must be asked from the data subject. Once collected, this consent must be documented, and the data subject is allowed to withdraw his consent at any moment.
Also, for the processing of children’s data, GDPR requires explicit consent of the parents (or guardian) if the child’s age is under 16.
5) Personal data breaches
The organisations must maintain a Personal Data Breach Register and, based on severity, the regulator and data subject should be informed within 72 hours of identifying the breach.
6) Privacy by Design
Companies should incorporate organisational and technical mechanisms to protect personal data in the design of new systems and processes; that is, privacy and protection aspects should be ensured by default.
7) Data Protection Impact Assessment
To estimate the impact of changes or new actions, a Data Protection Impact Assessment should be conducted when initiating a new project, change, or product. The Data Protection Impact Assessment is a procedure that needs to be carried out when a significant change is introduced in the processing of personal data. This change could be a new process, or a change to an existing process that alters the way personal data is being processed.
8) Data transfers
The controller of personal data has the accountability to ensure that personal data is protected and GDPR requirements respected, even if processing is being done by a third party. This means controllers have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company, to a third party and / or other entity within the same company.
9) Data Protection Officer
When there is significant processing of personal data in an organisation, the organisation should assign a Data Protection Officer. When assigned, the Data Protection Officer would have the responsibility of advising the company about compliance with EU GDPR requirements.
10) Awareness and training
Organisations must create awareness among employees about key GDPR requirements, and conduct regular trainings to ensure that employees remain aware of their responsibilities with regard to the protection of personal data and identification of personal data breaches as soon as possible.
Neither the Company nor the Site knowingly permit the use of malware, spyware, viruses, and/or other similar types of software.
Security: Security for all personally identifiable information is extremely important to us. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, The Company cannot ensure or warrant the security of any information you transmit via the internet. By transmitting any such information to the Company, you accept that you do so at your own risk.
Company uses the following cookies on the Site:
On Data Usage
I confirm that I am at least 16 years of age or older
I have read and accept any EULA, Terms and Conditions, Acceptable Use Policy, and/or Data Processing Addendum which has been provided to me in connection with the software, products and/or services.
I have been fully informed and consent to the collection and use of my personal data for any purpose in connection with the software, products and/or services.
I understand that I have the right to request access annually to any personal data you have obtained or collected regarding me. You have agreed to provide me with a record of my personal data in a readable format.
I also understand that I can revoke my consent and that I have the right to be forgotten. If I revoke my consent you will stop collecting or processing my personal data. I understand that if I revoke my consent, you may be unable to provide contracted products or services to me, and I can not hold you responsible for that.
Likewise, if I properly request to be forgotten, you will delete the data you have for me, or make it inaccessible. I also understand that if there is a dispute regarding my personal data, I can contact someone who is responsible for handling data-related concerns. If we are unable to resolve any issue, you will provide an independent service to arbitrate a resolution. If I have any questions regarding my rights or privacy, I can contact the email address provided.
As a general policy, no personally identifiable information, such as your name, address, or e-mail address, is automatically collected from your visit to the Site. However, certain non-personal information is recorded by the standard operation of the Company’s internet servers. Information such as the type of browser being used, its operating system, and your IP address is gathered in order to enhance your online experience.
The Site’s various mailing lists, downloads, special offers, contests, registration forms, and surveys may request that you give us contact information such as your name, mailing and/or e-mail address, demographic information. Information submitted at the time of submission will be used by the Company only as necessary for our legitimate business interests, including without limitation the improvement of our products, services and the contents of the Site. More tailor-made services or sign ups to retreats or special events may include personal questionnaires which ask about your accessibility needs and and additional support needs you may have. This information is used to inform the delivery of a particular service that you have opted into. This personal information will never be shared with anyone else or stored on our servers. Any personally identifiable information held by True Voice Creations will never be sold, leased or given to any third parties. Any opt-ins, purchases or registrations to the mailing list will include you in future communications which may from time to time contain promotional offers of services or products. You may always opt-out of receiving future mailings by following the link provided in all emails which are sent out by True Voice Creations. The Company does not store any credit card information it may receive in regard to a specific transaction and/or billing arrangement except as necessary to complete and satisfy its rights and obligations with regard to such transaction, billing arrangement, and/or as otherwise authorised by a user.