Here at Domotz we have a strong commitment to security, privacy, transparency and compliance: these are principles designed both in our software and in our policies.This also includes compliance with the GDPR (effective beginning May 25, 2018) and EU Data Protection laws in general.
We have deeply analyzed the GDPR requirements and enhanced our software and processes to be fully-compliant with this regulation.
What does being compliant imply?
We ensure that we have a high level of protection against unauthorized access to customers’ data; any personal data breach would be reported to the nominated supervisory authority and to affected data subjects, where feasible, within 72 hours of having become aware of it.
For any concerns or issues, you can contact us at firstname.lastname@example.org.
1. What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and unify all EU member states’ approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU.
2. Who does the GDPR affect?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Even if the organizations are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents. Personal data is any information relating to an identified or identifiable natural person.
3. What implications does GDPR have for companies processing the personal data of EU citizens?
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
4. Is Domotz GDPR compliant?
Yes, we have deeply analyzed the GDPR requirements and we enhanced our software and our processes to be fully compliant with this regulation.
5. Do you have a Data Protection officer for your organization?
Yes, we do. You can contact him at email@example.com.
6. Do you market other services to the users we add to the system?
7. How long do you retain our data?
Our retention periods are defined by you; you have full control of what data is held on our system and are free to remove or amend it at any time.
8. Where is our data held?
Data for North American users are stored in the USA. Data for European users and users elsewhere in the world users are stored within the EU.
9. If we were to ask you to remove our account and all related data would you be able to do that in a timely fashion?
Of course – please email firstname.lastname@example.org. In case of data deletion request, Domotz will accomplish the data subject request without undue delay (at the latest within one month of receipt).
10. Do you have a process in place for reporting personal data breaches?
Yes, we do. We have a procedure to report personal data breaches to affected companies and the relevant data protection authority, and in some circumstances, to the affected data subjects, where feasible, within 72 hours of having become aware of it.
11. How does Domotz handle security?
Security is our number one concern for any feature we implement. You can read more in our Security Standards document.
12. I am a business using Domotz to serve my customers. How can Domotz support me in being compliant with GDPR?
We encourage you to review your privacy and data security processes and policies, as Data Controllers are primarily responsible for GDPR Compliance. Here at Domotz we can support you ensuring that we have in place robust processes and security standards and our product provides you with all the features needed to comply with data subject rights (the right to view, amend, export or delete any information that we hold on your behalf, including anything held by 3rd party services).
13. Do you provide documentation about data processing you perform as Data Processor?
Yes, each Data Controller using Domotz can ask us to receive the Data Processing Agreement (“DPA”), submitting his request to email@example.com.