RAMP Global & GDPR
As you probably know there is new EU legislation, called the General Data Protection Regulation, coming into place on May 25th 2018. This new regulation has been designed to give people more control of their personal information. As such, we want to let you know exactly what information we store about you, what we do with it and crucially, how you can get access to it.
What is GDPR?
The EU General Data Protection Regulation (GDPR) replaces the existing privacy regulations and was designed to align data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.
What does that mean for RAMP Global?
The UK’s independent regulatory body for data protection and privacy, the Information Commissioner’s Office (ICO), outlines the main responsibilities for organisations, including RAMP, under GDPR – requiring that personal data must be:
“a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Is RAMP GDPR compliant?
Based on our self-assessment and that of external counsel, we are fully compliant as of the 25th May 2018
What have you done specifically?
Setup internal privacy processes
Includes documenting our processing procedures and understanding what processes we need to implement at a company level to comply with GDPR – e.g. privacy by design, additional data handling training.
Conducted extensive GDPR research
Documented exactly what information we capture, assess what is essential for us deliver our service to users, audit our vendors and understand what product updates were required to meet GDPR.
Updated Terms of Service
They now include updated rules, in line with GDPR, which you must agree to follow in order to use RAMP Global.
Updated Privacy Statement
They now include information, which outlines what exactly we do with your data and why we do it. Read them here.
Implemented product updates to support GDPR
Includes minimising the amount of personal information we store, process and share with vendors to provide you with the service. We’ve also updated your account handling capabilities in order for you to exercise your subject access rights.
Communicated changes to users
That’s what this document and the emails we’ve sent you are all about.
Where can I get more information about GDPR?
If you’re in need of more information, we recommend to ICO’s guide on GDPR, which is a great resource designed to help you understand GDPR better – note clicking on them will take you to an external website:
What information are you storing?
We collect the following information about you:
- Information that you provide to us when registering with us (Identity Data, Contact Data, Financial Data and Profile Data).
- Information that relates to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our products and services (Transaction Data).
- Information about your device and your visits to, and use of this website. This includes: your location; IP address; browser; operating system; referral source; length of visit; individual page views; site navigation (Usage Data).
- Information that you provide when subscribing to our email notifications/newsletters (Marketing and Communications Data).
- Any additional information that you knowingly and freely send to us e.g. surveys for research purpose
We will inform you at the point of collecting information from you, whether you are required to provide the information to Us and why we are collecting this information.
We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where is our data stored?
How are you storing it?
We encrypt all your data and our website and storage processes are all architected for security.
Can I access or delete all my data at any time?
Yes, we can provide you with all your data and delete everything if you request it.
Who can I contact about my data at RAMP?