GDPR Policy Notice
The General Data Protection Regulation (“GDPR”) is a comprehensive new data protection law passed by the European Union (EU) that became effective on May 25, 2018. This legislation is designed to strengthen the data protection rights for individuals located within the EU. PeopleMetrics has taken the proper measures to be GDPR compliant. At PeopleMetrics, we are fully committed to privacy, security and data protection for all our customers’ data.
The following information outlines certain key principles of GDPR and what we have done to prepare ourselves to meet GDPR requirements. Please note that this document does not provide legal advice and should not be used as such.
GENERAL DATA PROTECTION REGULATION
GDPR replaces the Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data (PII (US)) and on the free movement of such data), a European Union directive adopted in 1995 to regulate the processing of personal data within the European Union.
The European Union (EU) enacted GDPR to govern the collection, processing, use and storage of personal data of these protected individuals in a manner designed to unify data privacy requirements across the EU. The EU designed the legislation to provide EU citizens with greater protections and rights as individuals and PeopleMetrics fully supports these new, comprehensive safeguards.
- “Data subject” is defined under GDPR for personal data as “any information concerning an identified or identifiable natural person.” This includes the name, identification number, online identifier, location, and an individual’s economic, cultural, social, physical, physiological, genetic, and mental identity.
- “Processor” (PeopleMetrics) includes a legal or natural person, agency, public authority, or other body that processes personal data on behalf of a Controller.
- “Controller” (PeopleMetrics customers utilizing our SaaS Platform to ingest personal data of persons located within the EU) includes any agency, public authority, legal person, or other body responsible for determining the reasons and means for processing personal data.
EMPLOYEE TRAINING AND AWARENESS
- PeopleMetrics conducts an annual review of data privacy requirements as set forth by our SOC 2/SSAE-18. As part of this, PeopleMetrics reviews all data security requirements, including those set forth by GDPR, on an annual basis, or at the point of hire as needed.
- Partnership between Controllers and Processors is key to the effective adherence to the guidelines set forth in the GDPR. As PeopleMetrics acts as Processor in almost all cases, employees and governing processes are based around ensuring PeopleMetrics compliance with Processor guidelines as set forth in the GDPR.
FREQUENTLY ASKED QUESTIONS
- Where is data stored, processed or accessed?
All PeopleMetrics data is stored, processed and accessed in Amazon Web Services and EvolveIP datacenters.
- Will PeopleMetrics (Processor) use personal data for any purpose other than providing your Services?
No, PeopleMetrics only processes data as directed by the Controller and does not use personal data for any other purpose.
PeopleMetrics welcomes your comments regarding GDPR. Please contact PeopleMetrics at GDPR@peoplemetrics.com, or write to us via US mail at the following address:
Two Logan Square
Philadelphia, PA 19103
Corporate Headquarters – USA
ATTN: Scott Lohbauer (DPO)