GDPR

BOLDWIN GDPR COMPLIANCE OVERVIEW.

The General Data Protection Regulation (“GDPR”), which takes effect on May 25, 2018, is an iteration of the existing data protection law defined and enforced by the European Union.

The GDPR imposes new rules regarding the processing of Personal Data of data subjects’ located in the EU.

Boldwin LTD (“Company”) is fully committed to comply with GDPR prior to its effective date. Thus, for months, the Company designated an internal team, which are accompanied by the Company’s legal consultants and other professional and expert consultants, for the sole purpose of ensuring all required actions are taken in order to achieve GDPR compliance. Company is investing and will continue to invest substantial efforts and resources to support and ensure ongoing GDPR compliance.

Please see below a general overview which details the Company’s compliance with GDPR
****

Data Processing
Company only processes personal data to the extent necessary and in accordance with applicable privacy laws including the GDPR. Company has ensured there is an applicable lawful basis for any and all processing of EEA users’ Personal Data. Company is entering into data processing agreements with all of the relevant partners.

In addition, Company has ensured all documents, including without limitations, agreements, privacy policies online terms, IOs are compliant with the GDPR.

Company has trained its personnel and employees to educate them with regards to the GDPR, Company’s data practices and the importance of security.

Technological Organizational and Security Standards
The Company has completed an in-depth audit mapping out all of its data sets and its technical and organizational security measures, all as stipulated in its security policy available at: www.brightcom.com/security.

Transparency to Regulators
Company maintains accurate and accessible written records to the extent legally required to provide supervisory authorities, all in a timely manner.

User Rights
In accordance with GDPR, data subjects may exercise the following rights:
(1) access, (2) rectification, (3) restrict processing, (4) erasure, (5) data portability, (6) the right to complain to a supervisory authority, and (7) the right to not be subject to automated processing.

In order to exercise any of the above rights please contact our DPO at: dpo@bold-win.com.

Data Protection Officer
Company has appointed a DPO in order to ensure ongoing compliance with the GDPR.

Company’s DPO can be contacted at: dpo@bold-win.com