Here at Huffkins we take your privacy extremely seriously. We will never transfer your data to a third party.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation (2016/679) that enhances current data protection laws and rights for EU citizens. It enhances data protection rights for data subjects and obligates companies to be more transparent.
When will the GDPR take effect?
The General Data Protection Regulation (GDPR) comes into force on the 25th of May 2018.
Why does this affect me?
GDPR applies to anyone who holds or processes the data of an EU citizen, regardless of whether you are based in the EU or a third country, and enhances the data rights of all EU citizens. More information can be found on the EU’s website.
How is Huffkins preparing for GDPR?
- We have updated internal processes to ensure your updated rights are protected for the GDPR.
- We have nominated a Data Protection Officer (DPO) who is responsible for GDPR compliance within Huffkins. You can talk to them by emailing firstname.lastname@example.org.
- We are training all staff on the requirements of GDPR and data privacy procedures.
Does the GDPR require storage of personal data in the EU?
No. However, the GDPR does set out conditions for the transfer of personal data outside of the EU. An array of mechanisms exists to allow data to flow from the EU to third countries securely and without loss of the data subject's fundamental rights, the most common being an adequacy decision or the EU-US Privacy Shield.
What is an adequacy decision?
An adequacy decision allows for data to flow from an EU country to a third country on the basis that the data protection regulation in that third country is sufficiently adequate to safeguard the rights of an EU data subject. Once the EU Commission has determined that a country has sufficiently adequate data protection legislation in place, transfers may occur between the EU and the third country as if the country were an EU member state.
What is the EU-US Privacy Shield?
The EU-US Privacy Shield is a framework which allows for data transfers from the EU to the US whilst protecting the rights of EU data subjects. This ensures that EU subjects whose data is transferred to the US maintain their fundamental data protection rights, whilst obligating companies who receive data from the EU to comply with strong data protection requirements.
Where is my data stored?
If you are a British or EU citizen and have informed us as such, your Personal Data will be stored, processed or transferred to/on servers based in the European Economic Area (“EEA”), on servers based in countries which comply with the European Commission’s adequacy decisions or in the US in accordance with the EU-US Privacy Shield.
If you are not a British or EU citizen and have informed us as such, your Personal Data will be stored, processed or transferred to/on servers based in Australia, on servers based in the European Economic Area (“EEA”), on servers based in countries which comply with the European Commission’s adequacy decisions or in the US in accordance with the EU-US Privacy Shield.
When using third party providers to support the services we provide to you, we ensure that any third party is fully compliant with the GDPR as required by law.
How do I make a query in relation to my data?
If you have any queries regarding any of your personal data you can contact us at email@example.com with your request. We will respond within 30 days of us receiving your message.
When will Huffkins be ready for GDPR compliance?
Huffkins will be fully compliant with GDPR when it comes into force on the 25th May 2018.
Are you registered with a Data Protection Authority?
Yes, we are registered with the Information Commissioner’s Office in the United Kingdom under the company name Freebrights Ltd.
Any other questions?
If you have any further questions, feel free to contact the Data Protection Officer at Huffkins who can be found by emailing firstname.lastname@example.org.