The General Data Protection Regulation (“GDPR”) takes effect on May 25, 2018. In an attempt to harmonize and simplify data-protection laws, the regulation introduces new requirements regarding the processing of personal data of data subjects located in the EEA.
AP4 Project Managers (“Company”) is implementing GDPR compliance with the attention this matter deserves. The following is a general overview which details the Company’s compliance with GDPR.
AP4 Project Managers strives at all times to offer its clients a secure, fast and robust service. We currently store data in data centers provided by Amazon Web Services (AWS) located in Canada (see https://aws.amazon.com/security for information on their security practices). Employees and contractors may also have access to some data that is required for product development, customer support and technical support purposes.
The service features require that data be transferred to Canada. Our employees and contractors may need access to data stored in the EU from a non-EU country (e.g., US or Australia) for technical and support-related reasons.
In all cases where data is transferred outside of the EU, AP4 Project Managers commits to ensuring such transfers are compliant with applicable data transfer laws, including GDPR.
When users sign up for AP4 Project Managers, we require their name, company name, and email address so that the account is tailored to the user and the Company may send the user invoices, updates, or other essential information. The Company only processes personal data to the extent necessary and in accordance with applicable privacy laws, including the GDPR. In addition, the Company does not lease, sell or distribute data. In accordance with its agreements with third-party providers, the Company’s DPO actively monitors those third parties’ adherence to GDPR.
When users send an email to AP4 Project Managers asking a question or pointing out an issue, the message and the email are stored for future reference. When a user accesses the Company’s marketing pages, the Company will track that access for statistical purposes (e.g., conversion rates, A/B testing, issue tracking).
In addition, the Company has ensured that all documents, including, without limitation, agreements, privacy policies, online terms, and IOs, are compliant with the GDPR.
All data is encrypted via SSL/TLS when transmitted from the company servers to the user’s browser.
Cookies are small files saved to the hard drive of the user's computer that track, save and store information about the user's interactions with and usage of the website. This allows the website, through its server, to provide users with a tailored experience within this website.
When users request that their account be deleted, the Company will ensure that nothing regarding said account is stored on our servers past 30 days.
Anything the users delete on their account while it’s active will be immediately removed from our databases.
The Company maintains accurate and accessible written records, to the extent legally required, to provide to authorities and legally entitled users in a timely manner. In accordance with GDPR, data subjects may exercise the rights of access, rectification, restriction of processing, erasure, and data portability, the right to complain to a supervisory authority, and the right not to be subject to automated processing.
The Company has the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident. The Company will notify regulators and users immediately to the extent required under applicable law.