Everything you need to know about Space66’s GDPR update

The General Data Protection Legislation (GDPR) will come into effect on the 25th of May 2018. Here’s what you need to know about how Space66 processes customer data, and what we’re doing to ensure compliance.

What is GDPR and does it apply to me? Good question!

GDPR, short for General Data Protection Regulation, is a new European data legislation that governs how companies around the world handle the personal data of EU citizens. If you’re not an EU citizen, the legislation doesn’t directly affect the way companies handle your data. However, we’ve made changes to Space66 in order to protect everyone’s data to the standard of GDPR.

Individual rights

Space66 meets GDPR requirements for consensual data sharing

Whenever we collect personal data from our users, we ensure that we only collect data that is freely given. Whenever such data is collected, we explain clearly how the data will be used, stored, and secured. It’s our goal to share full detail in plain English so every user understands the control they have over their personal information.

Whenever Space66 asks you to submit personal data, you will be required to actively consent to the handling of your data. We never use your data based on inference or passive signals. You will be required to actively tick a box, click a link, or perform other actions that clearly state your approval for data processing.

What data does Space66 collect?

Space66 collects the data that you submit on our websites, namely your email address and first and last names. We do not ask for sensitive identification information (e.g. national identification number)

How Space66 uses your personal data

Space66 uses the data that we collect in order to enhance the way you experience our service, including the following:

Sending you updates and educational material

Providing easy communication whenever you have questions

How you can request a record of your personal data

All Space66 users can request a record of their personal data by contacting us via the form listed on the support page of our website.

GDPR can be a long read. That’s why we’re answering some of your most common questions in simple, plain language. If you do want more detail, you can read about the security measures we have in place below. We take your privacy very seriously – here are some of the ways how:

Do you have a data protection officer?

We certainly do! Our Operations Director, Thomas Gregson, serves as Space66’s DPO. Any data protection questions can be sent to info@space66.com

How quickly will Space66 inform us if there is a suspected or actual data breach that could have an impact on our personal data?

In the event of a personal data breach, we will inform impacted parties within 24 hours of detecting the breach.

Does Space66 store any of our personal data outside the EU or pass it to a third party that is based outside of the EU?

Simply, no. But in the event that we do, we will seek permission and disclose the partners we work with and the nature of data that is exchanged in terms for EU Customers documented below.

How does Space66 ensure that external contractors respect the data protection and privacy of its customers?

We do not allow any external contractors access to our customer private personal data.

The Fine Print

Security Measures

Space66 has implemented the following technical and organizational measures to ensure the security of your personal data:

1. Unauthorised persons are prevented from gaining physical access to our premises and the rooms where data processing systems are located.
2. Employees are only allowed access to tasks assigned to them.
3. We ensure that all computers processing personal data (including computers with remote access) are password protected, both after booting up and when left, even for a short period.
4. We assign individual user passwords for authentication.
5. We only grant system access to our authorised personnel and strictly limit their access to applications required for those personnel to fulfil their specific responsibilities.
6. We have implemented a password policy that prohibits the sharing of passwords, outlines procedures to follow after disclosure of a password, and requires that passwords be changed regularly.
7. We ensure that passwords are always stored in encrypted form.
8. We have adopted procedures to deactivate user accounts when an employee, agent, or administrator leaves Space66 or moves to another responsibility within the company
9. We have established rules for the safe and permanent destruction of data that are no longer required.
10. Except as necessary for the provision of the Services, Your Personal Data cannot be read, copied, modified or removed without authorization during transfer or storage.
11. We encrypt data during any transmission.
12. We are able to retrospectively examine and establish whether and by whom Your Personal Data has been entered into data processing systems, modified or removed.
13. We log administrator and user activities.
14. We do not use personal data for any purpose other than what have been contracted to perform.
15. We do not remove Your Personal Data from our business computers or premises for any reason (unless you have specifically authorized such removal for business purposes).
16. We have designated a responsible person to perform the functions of a data protection officer.
17. We have obtained the written commitment of our employees to maintain confidentiality and to comply with our requirements under the Addendum and the GDPR.
18. We regularly train our staff on data privacy and data security.
19. Every member of our staff has been certified in GDPR Awareness by IT Governance