CHANGING Information Technology Inc.is committed to protecting personal data of our EU employees, contractors, customers, and vendors, regardless of where that data is processed. We have a robust security program and an established series of internal policies, processes, and practices across our organization to ensure that personal data of EU individuals is processed appropriately and protected in our information systems.
When processing the personal data of EU individuals we:
Ensure there is a legitimate business reason to collect the data
Ensure we have consent to collect and use the data
Limit collection, storage and usage of the data only to the extent for which there is a business reason and consent
Below are some measures that CHANGING is ensuring compliance with GDPR:
Personal Data Management: Apps issued by CHANGING do not process any personal data. All data information on users’ mobile phones will be transmitted to their (corporate clients’) internal environment. CHANGING does not store any personal data from the customers.
Data Breach Response Plan: In the event of a data breach that may impact the security of employee, customer, or vendor personal data, we will take steps to notify EU authorities within 72 hours of discovery of the incident.
Data Privacy Impact Assessment: When initiating and implementing new projects or products, or onboarding new vendors that may process personal data of EU individuals, we will assess data privacy impact in order to ensure that personal data is adequately protected in any systems or processes controlled by CHANGING.
Data Subject Rights: We understand that anyone doing business with us may have questions about the types of personal data CHANGING processes about them. If you would like to make a request about the personal data CHANGING processes, please contact: help@changingtec.com