Frequently Asked Questions: GDPR
Frequently Asked Questions: GDPR
Central Ura Reserve Limited is committed to protecting and safeguarding the Personal Data of our members, customers, and users (“Customers”). The following FAQs provide an explanation of the General Data Protection Regulation (“GDPR”) and how Central Ura Reserve Limited is working to protect Personal Data.
What is GDPR?
GDPR is the new European data protection law that came into effect on May 25, 2018. GDPR replaced the EU Data Protection Directive (95/46/EC) and set out a single set of rules across Europe on data privacy and protection. GDPR placed new requirements on companies and organizations about how they process and safeguard the Personal Data of individuals residing in the EU.
For more information on GDPR please visit: https://gdpr-info.eu/
What is Personal Data?
For GDPR purposes, Personal Data is any information relating to a natural person that can be used, either directly or indirectly, to identify that person. Personal Data can be anything from a name, a photo, an email address, bank details, posts on social networking websites and medical information to online identifiers such as location data or a computer IP address.
What does it mean to ‘process’ Data?
GDPR defines processing very broadly to include obtaining, recording, storing, or holding data or carrying out an operation or a set of operations on that data. These operations can include a) organization, adaptation, or alteration of the data, (b) retrieval, consultation, or use of the data, (c) disclosure of the data by transmission, dissemination or otherwise making available, or (d) alignment, combination, blocking, erasure, or destruction of the data.
My company is not in the EU. Does GDPR apply?
GDPR can still apply to your company or organization even though it is not established in the EU. GDPR applies to all companies and organizations which process and hold the Personal Data of EU individuals, regardless of where the company or organization is located. GDPR will apply to any company or organization that has EU users or affiliates, and/or offers goods and services to, or monitors the behaviour of, EU individuals. When determining whether GDPR applies to you, you should consider the very broad definition of Personal Data under GDPR and its application to non-EU-based companies and organizations.
How does CENTRAL URA RESERVE LIMITED protect Personal Data?
Central Ura Reserve Limited has implemented vigorous technical and organizational measures to protect the Personal Data of our Customers against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Personal Data. For more information on Central Ura Reserve Limited security please visit: Security.
How is Central Ura Reserve Limited complying with GDPR?
GDPR imposes new and stricter requirements on companies and organizations, including in relation to the safe handling of data transfers outside of the EU and obtaining the consent of EU individuals to data processing. To comply with new GDPR obligations, Central Ura Reserve Limited has developed additional terms for data processing which are to be signed and added to relevant customer and vendor agreements under which the Personal Data of EU individuals is processed. The additional terms provided by Central Ura Reserve Limited contain all the necessary terms to make our agreements fully compliant with GDPR and include the Standard Contractual Clauses set by the European Commission.
How does Central Ura Reserve Limited ensure that any cross-border data transfers comply with GDPR?
GDPR provides strict regulations on the transfer of Personal Data of EU individuals outside of the EU. GDPR only permits Personal Data to be transferred outside of the EU if the country where it is being transferred has received an adequacy determination from the European Commission or if a valid data transfer mechanism is used. For this reason, Central Ura Reserve Limited has incorporated the Standard Contractual Clauses set by the European Commission into our additional terms, which is a valid transfer mechanism under GDPR.
Is Central Ura Reserve Limited a processor or a controller of Personal Data?
Whether Central Ura Reserve Limited is considered a controller (the party that determines the purpose and means of processing) or a processor (the party that processes Personal Data on behalf of the controller) for GDPR purposes will depend on the type of agreement and the data processing activities being undertaken. In the additional terms, Central Ura Reserve Limited has included the necessary terms to cover instances where we operate as both a processor and a controller and have included the Standard Contractual Clauses for both processors and controllers in the additional terms for this reason.
Who Can I Contact with Questions?
Central Ura Reserve Limited has appointed a Data Protection Officer (DPO) who is responsible for coordinating and monitoring GDPR compliance. All questions and inquiries regarding GDPR and data protection should be sent to Regulatory-DataProtection@urareserve.com.