This document in an overview of how we here at GeoPal are preparing for GDPR and our commitment on the upcoming EU Data Regulation.
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law and strengthens the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data. It will set a new standard for how companies use and protect EU citizens’ data. This new regulation seeks to strengthen and unify data protection for all individuals within the European Union and grants new and enhanced rights for individuals in relation to their personal information.
What does GDPR mean to you?
GDPR increases and reinforces the rights of individuals in relation to the information we hold about them. Being transparent and providing accessible information to customers about how GeoPal processes personal information is a key element of the new regulation.
GeoPal takes privacy and the protection of customers and staff data very seriously. We've always attached the highest priority to the security of our customers' assets and information and will continue to do so going forward. We support the enhancements to data protection which GDPR will introduce and we have been actively working to implement the changes required to be ready for this new regulation.
How is GeoPal preparing for GDPR?
At GeoPal, we’ve been working hard to prepare for GDPR, to ensure that we fulfil its obligations and maintain our transparency about customer messaging and how we use data.
Our teams have been working to define our GDPR roadmap. This is a massive overhaul of processes and data models to make sure we’re meeting our legal obligations, and doing the best thing for our customers while still letting us move fast, scale and build great products.
Here is a brief overview of the main things we’ve been doing to ensure we’re setting up ourselves and our customers to meet GDPR obligations:
We’re building new features
For example, our Mobile App is now updated to specifically ask permission to gather any personal information e.g. location data.
We’re updating our End User Licensing Agreement
Strong data protection commitments are a key part of GDPR’s requirements. Our updated End User Licensing Agreement shares our privacy commitments and sets out the terms for GeoPal and our customers to meet GDPR requirements.
We’ve appointed a Data Protection Officer
We’ve a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch by emailing support@GeoPal.com.
We’re coordinating with our vendors
We’re reviewing all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
We’re taking new security measures
Security is a priority for us. We plan regular audits, “pen-tests” and bug bounties. We’ve built a robust security framework over the years, and reviewing our internal access design to ensure the right people have access to the right level of customer data.
The data we gather
By using the GeoPal Services we gather (amongst other information) data to identify you, (e.g. name and contact details, telephone numbers, emails), Financial details, location information. This information is needed primary for us to offer you the GeoPal Services.
The uses to which the data will be put
By utilizing the GeoPal Services you agree to the using of the data we gather. The details provided in your order form, together with any other information that is furnished to us in connection with your application on your account; any information you load into the GeoPal Web App; plus any information gathered by the GeoPal Mobile App; will be retained and processed by GeoPal and any subsidiary companies for the following purposes:
- To help provide and administer your Services
- To ensure we provide you with the best possible Services
- To prevent unauthorized access to your accounts and Services
- To meet our legal and regulatory obligations
- To make credit decisions
- Marketing Activities and offer product and services that we feel you will be interested in.
- Training and quality assurance
- Verifying the Information and otherwise meeting our legal and compliance obligations (which include those relating to the prevention of money laundering, financing of terrorism and fraud);
- Quality control and reporting and management;
- Marketing purposes (if you have consented)
- We may make decisions based solely on an automated analysis of your information.
How long does GeoPal retain my personal information?
This depends on the nature of the information and the purposes for which it is processed. Also sometime there may be statutory obligations (imposed on us by Law).
To whom the data will be disclosed?
The data will not be transferred outside of the EU/EEA.
We may disclose Information in the following circumstances:
- To other companies and entities within GeoPal and any present or future subsidiary companies;
- To our agents, advisers, service providers, partners and contractors for the above purposes;
- To other persons connected with your account (e.g. company directors, partners etc);
- To GeoPal Financial advisers or other intermediaries;
- In the context of a sale of our business;
- Where we are required by any regulatory body, law enforcement agency, court or other legal processes.
Electronic Communications and Phone Calls
Your Information will be processed, recorded and retained by us in electronic form. You agree that GeoPal may communicate with you electronically in relation to your accounts, and that GeoPal may rely on such electronic communications, records, originals and documents in any dealing with you. We may monitor and record telephone calls and emails and other forms of communications made to and from us for account administration; fraud and crime prevention; to assist in improving customer services; to evidence instructions or to prevent or resolve disputes.
Personal Data Consent
By conducting the first transaction on your GeoPal account, you are explicitly consenting to the use, retention and reproduction of personal data for such purposes and you acknowledge that if you do not permit such processing, it will not be possible to provide you with certain services or products.
The GDPR contains enhanced rights for individuals. These include the right to:
- Receive certain information on the collection of personal data
- Access your personal data
- Rectify inaccurate personal data
- Be forgotten
- Restrict the processing of your data
- Object to direct marketing
- Object to automated decision making or profiling.
- You have the right to receive a copy of all personal data relating to you which is held by us following a written request (for which a fee will be charged) and to have any inaccuracies in your personal data corrected. You may be required to provide us with sufficient information to verify your identity and locate your data.
Please note GeoPal does not allow the transfer data from to another competitor or similar organisation.
Does it affect me?
GDPR increases and reinforces the rights of individuals in relation to the information you and we hold about them. Being transparent and providing accessible information to customers about how we process their personal information is a key element of the new regulation. We’ll keep sharing information on our progress, and we’ll also help our customers and prospective customers be compliant. Some steps you can take are:
- New contract terms associated with GDPR will need to be agreed. We will contact you on this.
- You can also read our New Terms and Conditions for more detailed information on how we use your information and your rights (also on our website)
- You have new rights e.g. access to personal information we hold; inaccuracies corrected; information erased; block direct marketing; and restriction on processing;
- Get familiar with the GDPR requirements and how they affect your company.
- Map out everywhere you process data and carry out a gap analysis.
- Consider how you can leverage GeoPal to help with your GDPR compliance. For example, our security docs are available to customers on request.
- Look at your product roadmap, think about privacy when you’re planning your internal changes.
- Chat to your legal advisor about what your company needs to do.
- Keep an eye on the developing guidelines from the GDPR Article 29 Working Party
This overview is not exhaustive and is not intended as definitive analysis or advice legal or otherwise on compliance with data protection requirements. For more comprehensive information, please refer to the full GeoPal Terms and Conditions and the GeoPal Privacy Policies
Feel free to reach out to us if you have any questions about GDPR - we’d be happy to chat to you about it.