Introduction

The GDPR enforcement puts the control of personal data, collected by businesses, in the hands of the individuals, it belongs to, protecting the rights of EU residents.

The regulation delineates individuals’ rights to access, rectify, and restrict the processing of personal data, among other key provisions, and aims to unify privacy and security laws for all organizations operating within the EU.

In the context of this user document, we will be focused on how to implement the different rights once invoked by the Data Subjects.

Nomenclature

• Data Subject: End Users

• Data Controller: CSVbox Customers

• Data Processor: CSVbox

Documents

1. Data Processing Agreement (DPA)

2. Terms of Use

3. Privacy Policy

Data Subject Rights

The Right to Access

Under GDPR, individuals have the right to obtain:

• Confirmation that their data is being processed;

• Access to their personal data; and

• Other supplementary information – this largely corresponds to the information that should be provided in a privacy notice (see GDPR Article 15).

CSVbox Compliance

CSVbox enables you to download the data files uploaded by the users via the CSVbox dashboard. You can then provide this data to the Data Subject in response to their request to access any personal data being processed by CSVbox as a Data Processor on your behalf. If you have disabled file storage in CSVbox then the data files will not be available.

The Right to Rectification

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If you have disclosed the personal data in question to third parties, you must inform them of the rectification where possible.

CSVbox Compliance

If a Data Subject requests that you rectify inaccuracies within the personal data being processed by CSVbox on your behalf, you can delete the old files and request the Data Subject to re-upload the files using the CSVbox importer.

The Right to Erasure

Individuals have the right to get personal data concerning them erased by the controllers. The right to erasure is also known as 'the right to be forgotten'.

CSVbox Compliance

You can delete the data files from the CSVbox dashboard if Data Subjects request so.

The Right to Data Suppress

This right allows users to opt-out of sharing any data with Data Processors.

CSVbox Compliance

If you have been asked by the Data Subject to restrict the processing of their data, you can simply stop the CSVbox importer initialization or ask the Data Subjects not to submit their files.

The Right to Data Portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

CSVbox Compliance

You may use the CSVbox dashboard to download the data files and furnish it to the Data Subject pursuant to his/her request.

Is GDPR applicable to me?

Under the GDPR, it is the location of the individual whose personal data is being processed that determines whether the concerned firm should comply. This means that the GDPR will apply to all organizations, whether within the EU or outside of it, that offer their product or service to individuals in the EU when their data is being collected.

That said, your legal/compliance teams will be in a better position to answer if your app/business falls under the purview of GDPR regulations.

Our commitment to GDPR

We are fully committed to GDPR and hence have built product features for greater privacy and data control. As an organization, we have always implemented and practiced processes that ensure that customer data is stored and processed in ways necessary only to serve our customers in the best possible way. Our privacy, security, and data policies are also streamlined with the GDPR goals and objectives.