General Data Protection Regulation (GDPR)
Effective May 31, 2021
Torque with General Data Protection Regulation (GDPR) compliance is committed to protecting your privacy
Because you deserve a secure environment
The GDPR is a new legal framework of the EU legislation intended to standardize data regulation across Europe while providing greater protection and control over data to the consumer. It’s an updated version of the Data Protection Directive.
GDPR aims to protect the privacy of EU citizens, specifically their “right to be forgotten” – aka, their right to demand that organizations identify and eradicate any or all data about them.
The purpose of this guide is to give you details on how Torque is preparing for GDPR and to provide you with an overview of the new requirements to help you prepare for GDPR.
Being accountable for customer’s data, Torque has updated its platform with procedures to protect your Personal Data from any kind of illegal loss, theft, leakage or unauthorized sharing. We will be responsible for inquiring your consent before collecting any personal information or data.
What Can You Do To Prepare?
If your business is based in the European Union (EU), or you process the personal data of EU citizens, the General Data Protection Regulation (GDPR) affects you.
The GDPR says you must obtain freely given, specific, informed, and unambiguous consent from your contacts. You also must clearly explain how you plan to use their personal data.
As far as your business is concerned, if you have customers in (EU), you must ask for their consent to store their personal details and get their permission before sending them follow-up marketing or promotional Emails / SMS via Torque.
Furthermore, based on their preferences, you can choose for which individuals you can store none-to-all details. We encourage you to consult with legal or other professional counsel about your GDPR preparations.
Features Included In The Update:
We’ve been busy working to ensure we are compliant when the GDPR comes into effect 25th March 2018 to help you comply with the GDPR and have updated:
- The Customer Registration Process for EU customers where they will be asked for consent related to their data processing.
- The Recording of Customer Data for Torque End Users.
Example: Business (ABC Auto Repair store) will ask their customers for consent before saving their data.
- Edit or Forget right for Customers of Torque End Users.
Example: a customer of ABC Auto Repair store can ask them to update or forget their information stored in Torque.
The iPad and iPhone App where the Customer can ask the Business (ABC Auto Repair store) to update or forget the Customer Data on request.
On consent of the customer to delete their details–Torque will delete customer records and update existing reports with ‘Walk in Customer’ – to keep Business Statistics (Reports) aligned and reconciled.
Note: We will be updating the above section continuously with our latest roadmap and progress.
Customer Rights
Right now, considering the new GDPR, you (Torque Customers) are now in the list of “Data Controllers.” If you have customers in the EU and you record their data in Torque, you have the responsibility to allow individuals to exercise theirRight to be Informed, Right to Rectification, Right to be Forgotten, Right to Object, Right to Restrict Processing and Right to Restrict Processing*
- *Right to Object = Individuals may object to the use of their data for profiling or direct marketing activities.
- *Right to be Forgotten = Individuals have the right to request that personal information be removed from the Torque.
- *Right to be Informed = Individuals may ask for clear and concise information about what you do with their personal data.
- *Right to Restrict Processing = Individuals may request the suppression of their personal data, which means that you may store the data but not use it.
- *Right to data portability = Individuals may request to get their personal data, which they have previously provided in a readable format.
Frequently Asked Questions
What Is GDPR?
In brief, GDPR expands the rights of individuals to control how their personal data is collected, processed and places a range of new obligations on organizations to be more accountable for data protection. GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with its data processing principles.
Who Does GDPR Apply To?
GDPR only protects EU citizens but applies to virtually every company with a global footprint – even if it’s just online. It doesn’t matter if you don’t have a physical presence in the EU. As of May 25, 2018, you must abide by GDPR if you:
- Sell goods or services to EU citizens
- Operate a website that uses technologies like cookies to monitor people based in the EU
- Employ any residents of the EU
- Collect any sort of data that may include information about EU citizens
How Will Torque Work On GDPR?
- Review and update all the existing EU customers about the Privacy Policy and ask for their consent for any future information being collected.
- Update internal processes and documentation.
- Modification in Torque software for new customers and considering their preferences for information gathering.
- Alert EU customers about GDPR and inquire their consent by Torque newsletter.
How We Will Collect Consent?
From New Contacts
Customers will enter their information in the sign-up form on the Torque portal which will also include GDPR compliance consent (link to Privacy Policy and FAQs on GDPR) that will give explicit consent to the Torque team to process the contacts data as per policy.
How We Will Communicate Private Information?
We are making sure that before gathering any personal data, we are able to notify you about your identity, our reasons for gathering the data, the use(s) it will be put to, who it will be disclosed to, and if it’s going to be transferred outside the EU. Under the GDPR, additional information must be communicated to individuals in advance of processing.
What Can You (Torque Users) Do To Prepare?
As far as your business is concerned, if you have customers in the EU, you must ask for their consent to store their personal details and get their permission before sending them follow-ups via Torque. Further based on their preferences, you can choose for which individual you can store none-to-all details. We encourage you to consult with legal or other professional counsel about your GDPR preparations.
Proper Documentation
In order for us to be accountable for your data, we’ll provide you all details of what personal data we hold, where it came from and with whom we share it. You are even eligible to audit it anytime. It is important, not only because it is a legal requirement, but also because it can support good data governance and help us demonstrate our compliance with other aspects of the GDPR.
How We Will Report For Data Breach?
Torque ensures to protect your shared data (if you have shared data with us). Torque suspects any unauthorized activity affecting Personal Data, we’ll notify the customer without unnecessary delay along with the relevant supervisory regulator as soon as possible, and in any event within 72 hours of the breach being identified.
Existing Information Rights
Torque in hand provides you control of your data and information and is liable of keeping your information safe and secure. Some privileges are listed below:
Provided Personal Information
Torque tracks only your agreed information. Users may, however, visit our site anonymously. We will collect personal identification information from users only if they voluntarily submit such information to us via a signup form or in case of any problem rectification.
Users can always refuse to supply personal identification information and do not accept terms and conditions in the signup process, to keep their data safe. This personal information tracking lies right under the new GDPR policy.
Edit Your Personal Information
You can update or remove any or all your personal information at any time by logging into your Torque account and editing your personal information from your store, this provides you the ‘right to be forgotten.’ You can view your updated profile in order to confirm that your edits have been made and thus we ensure you keep your identity private based on GDPR rules.
Data Controllers Vs. Data Processors
Controller: A controller is an entity that decides the purpose and manner that personal data is used, or will be used.
Processor: The person or group that processes the data on behalf of the controller. Processing is obtaining, recording, adapting or holding personal data.
What Can End Customers Can Ask From The Controller & Processor?
- *Right to Object = Individuals may object the use of their data for profiling or direct marketing activities.
- *Right to be Forgotten= Individuals have the right to request that personal information be removed from the Torque.
- *Right to be Informed= Individuals may ask for clear and concise information about what you do with their personal data.
- *Right to Restrict Processing= Individuals may request the suppression of their personal data, which means that you may store the data but not use it.
- *Right to data portability= Individuals may request to get their personal data, which they have previously provided in a readable format.
Business Benefits Of GDPR?
- Build customer trust
- Improve brand image and reputation
- Improve data governance
- Improve information security
- Improve competitive advantage
Data Security With Third-Party Integrations
In compliance with GDPR, Torque is NOT accountable for providing security to your identification data, that you share with third-party integrations. It applies to every other integration platform i.e. either provided by Torque or not in partnership with Torque. If you supply any of your customers’ data or your own business data to third-party businesses (using Torque or not); you are solely responsible for it. It has no connection with Torque about how these third parties use your data and for what purposes but, Torque ensures you that we DO NOT share your data or any information with any third-party business. In case there is a data breach, you are requested to inform all parties so protection actions can be taken on all ends.