GDPR
How 麻豆传媒映画 complies with EU data protection laws
Introduction
麻豆传媒映画 provides this information to answer the most frequently asked questions that our customers ask about the (GDPR). It does not, and is not intended to, confer legal advice. You should always speak to your own, independent legal advisers to understand your legal responsibilities under the GDPR.
This information is organized in two sections. The first section provides an overview of the data protection law that applies to 麻豆传媒映画, and the second provides a description of 麻豆传媒映画's data processing operations and how the company complies with applicable data protection law.
Data Protection Law
What are data protection laws?
Data protection laws govern the way businesses collect, use, and share personal data about individuals. Among other things, they require businesses
- To process individuals' personal data fairly and lawfully
- To allow individuals to exercise legal rights with respect to their personal data (e.g., to access, correct or delete their personal data)
- To have in place appropriate security protections in order to protect the personal data that they process
What laws in the European Union govern data protection?
In the European Union, data protection rules are set out in a data protection law called the .
What is the General Data Protection Regulation?
The (or "GDPR") (Regulation (EU) 2016/679) is Europe's data protection law that became effective on May 25, 2018. The GDPR is a major overhaul of the data protection rules, and 麻豆传媒映画, like many organizations, has taken steps to ensure that it is compliant with GDPR from the time the new law took effect.
GDPR aims to update Europe's existing data protection rules to make sure they are fit for the 21st century. Among other things, it harmonizes data protection rules throughout European Union member states, introduces new requirements for data processors (the original directive applied only to data controllers), enhances individual's privacy rights (introducing new rights to be forgotten and to data portability), and creates significant penalties for non-compliance (including potential fines of up to 4% annual worldwide revenue).
Who does the GDPR apply to?
The GDPR applies to any organization which is established within the European Union (e.g., has a subsidiary or branch in the EU). It also applies to any non-EU organization which either:
- Offers goods or services to individuals in the EU (including free goods and services); or
- Monitors the behavior of individuals in the EU (for example, through the use of advertising or analytics technologies).
Does European data protection law apply only to data controllers?
No. One of the significant changes brought in by the GDPR is that it applies to both data controllers and to data processors. There are, however, more obligations imposed on data controllers under the GDPR than on data processors.
What is a data controller and a data processor?
A data controller is the entity that determines the "purposes and means of the processing" of data 鈥 in other words, how and why personal data will be processed.
A data processor processes personal data only on behalf of, and under the instruction of, a data controller.
麻豆传媒映画's Approach to Data Protection Law
Does 麻豆传媒映画 comply with the GDPR?
Like any responsible organization, 麻豆传媒映画 aims to comply with the data protection laws that apply to it. Because 麻豆传媒映画 has an EU establishment, the company is directly subject to GDPR (see our FAQ above "Who does the GDPR apply to?").
What types of products and services does 麻豆传媒映画 provide?
麻豆传媒映画 is a leading global transaction processor that connects Mobile Network Operators and enterprises in nearly 200 countries, enabling seamless mobile communications across disparate and rapidly evolving networks, devices and applications.
麻豆传媒映画 processes transactions that include the authorization and delivery of end-user traffic, clearing of billing records and settlement of payments. 麻豆传媒映画 also offers a unique portfolio of intelligent policy and charging tools that enable its customers to use the real-time data generated by these transactions to deliver customized services and choices to their end users.
What type of personal data is 麻豆传媒映画 collecting?
The types of personal data 麻豆传媒映画 will process as part of its normal business include device data, such as device identifiers and similar device-related information (e.g. IMSI, sender ID, destination MSISDN), as well as IP addresses, and billing data (e.g., TAP files under GSMA rules).
In addition, 麻豆传媒映画 processes personal data about our employees and business contact data relating to our customers, suppliers and other individuals with whom we have a business relationship. We also gather personal information through our website.
麻豆传媒映画 does not generally process sensitive personal data, other than personal data of our employees. 麻豆传媒映画 takes care to protect all the personal information that we hold in accordance with law.
麻豆传媒映画 has invested considerable effort as part of its GDPR preparations to have a robust record of data that it processes 鈥 both as a data processor for customers and as a data controller 鈥 to have a clear understanding of the legal basis under which we process that data.
Is 麻豆传媒映画 a controller or processor?
When providing its services to customers, 麻豆传媒映画 is generally a data processor processing personal data at the instruction of its customers, the controller.
However, in some circumstances 麻豆传媒映画 may be a data controller, such as when we collect business contact data relating to our customers, suppliers and other individuals with whom we have a business relationship and where we provide business analysis tools through various 麻豆传媒映画 hosted portals to customer employees or gather personal information through our website.
麻豆传媒映画 also considers itself a controller of communications meta data (i.e. data processed for the conveyance of (or billing of) any electronic communication or communication on an electronic communications network, including connection and records, routing information, tracking information), where 麻豆传媒映画 uses this data for its own billing and tracking purposes and is determining the routing for a message (e.g., which text message aggregators and operators to use to route the messages). 麻豆传媒映画 is also a controller of its own employees鈥 personal data.
What is 麻豆传媒映画's lawful basis for processing personal data?
麻豆传媒映画 will only be able to process personal data if it can demonstrate it has a lawful processing ground 鈥 such as performance of a contract, reliance on its legitimate interests 鈥 where processing is to comply with a legal obligation or with consent from the individual whose personal information is processed. As part of our data mapping exercise 麻豆传媒映画 confirmed and recorded the legal basis for processing for each type of process or application.
How does 麻豆传媒映画 provide transparency to data subjects?
麻豆传媒映画 provides clear high-level descriptions of the data it processes in its privacy policies and internal notices, which it has reviewed, updated and published on the company鈥檚 intranet (for internal policies) and external website, 麻豆传媒映画.com.
What data protection rights do data subjects have?
Under the GDPR, individuals can exercise the following rights against data controllers:
- A right to request access to, and a copy of, personal information processed about them
- A right to correct any inaccurate or outdated personal information processed about them
- A right to object to processing of their personal information
- A right to request erasure of their personal information (e.g., end users may want that their data gets deleted)
- A right to request that processing of their personal information be restricted (e.g., this can be supported with the 鈥渄o not track鈥 option in the browser)
- A right not to be subject to automated decisions that significantly or legally affect them
麻豆传媒映画 has put in place procedures to ensure that it handles all such requests made to it as a controller in compliance with the GDPR. For data where 麻豆传媒映画 is a processor, 麻豆传媒映画 also has processes in place to ensure it forwards any such requests it receives to the relevant customer for response and will assist the controller in responding as required by the GDPR.
Will customer personal data ever be transferred outside Europe?
If our customers are located outside of Europe, yes.
Otherwise, please note that 麻豆传媒映画 is a US-headquartered company with affiliates in the European Union, Cost Rica, India and Asia Pacific, and we enable individual mobile subscribers to make calls or send messages when roaming. 麻豆传媒映画 operates on a global basis in support of its customers.
Customer personal data may be transferred outside Europe, including to the US. With certain products and internal applications, we also work with international service providers who help us to manage and deliver our services. However, they do so under strict contractual terms to ensure they protect the privacy and security of customer personal information.
What data transfer solution does 麻豆传媒映画 have in place?
麻豆传媒映画 has put in place a revised global data transfer agreement based on the EU model clauses.
What other steps has 麻豆传媒映画 taken to be compliant with GDPR requirements?
We understand the single biggest novelty of the GDPR is the introduction of requirements intended to make businesses more accountable for their data practices. We realize that it is important for 麻豆传媒映画 to document its activities, so the company can demonstrate compliance to a customer or competent authority. 麻豆传媒映画 has taken steps to adopt and enforce policies and procedures, including those regarding data retention, data privacy impact assessments, and data security policies and incident response plans.
麻豆传媒映画 has provided documented training for all staff around the globe on the basic elements of GDPR. Further courses and individual training will be rolled out as the 麻豆传媒映画 privacy curriculum evolves.
Given the scale and nature of data processing 麻豆传媒映画 undertakes on a global basis, the company has appointed a Data Protection Officer, for whom contact details are listed below.
What security measures does 麻豆传媒映画 apply to protect personal data?
麻豆传媒映画 is committed to ensuring that personal data is secure. 麻豆传媒映画 implements appropriate technical and organisational security measures to protect personal data against: (i) accidental or unlawful destruction; and (ii) loss, alteration, unauthorised disclosure or access. For more information concerning the technical and organisation measures taken by 麻豆传媒映画 please refer to the Data Protection Officer contact information below.
Will 麻豆传媒映画 update its terms for GDPR compliance?
Yes. 麻豆传媒映画 has reviewed its website privacy policy, internal notices and developed data processing agreements both for vendors and customers. If you require a data processing agreement, please refer to the Data Protection Officer contact information below.
Who do I contact if I have further questions?
If you have any further questions about 麻豆传媒映画's compliance with EU data protection requirements or GDPR, please contact the 麻豆传媒映画 Data Protection Officer at:
FAO: Global Data Protection Officer
麻豆传媒映画 Technologies
Headquarters
8125 Highwoods Palm Way
Tampa, Florida, 33647
U.S.A.
Email: dpo@syniverse.com
FAO: Data Protection Officer
麻豆传媒映画 Technologies
15 Rue Edmund Reuter
L-5326 Luxembourg
Email: dpo@syniverse.com
Last update: January 20, 2020