Valinor is GDPR Ready!
If your company uses Valinor to support your Data Platform, you may be sharing personal data with us, which makes Valinor a Data Processor according to the GDPR definitions. Below are a few clarifying questions, which will help you understand our role in the process of handling personal data, and what steps we have taken to ensure your company can trust Valinor with this sensitive information.
1. What is the GDPR?
The General Data Protection Regulation 2016/679 (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
It not only applies to companies which process the personal data of protected individuals and which have a presence in the EU (e.g. offices or establishments) but also to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to individuals in the EU) and/or monitor the behavior of protected individuals where their behavior takes place within the EU.
Given the GDPR’s extraterritorial effect, although we are non-EU based, we have assessed how the GDPR applies to us as data processors of EU-based clients.
2. Valinor as a Data Processor
A core part of GDPR compliance is ensuring that your data processors implement security best practices for safeguarding personal data. In order to comply with GDPR, Valinor completed an in-depth analysis and put together a procedure to protect data subjects’ private data, designed to keep your users’ data (and your data in general) safe. The procedure document can be requested from the Chief Privacy Officer (firstname.lastname@example.org). It focuses on the Data Subject Rights, vis-à-vis GDPR, and on our commitment to preserving them. Not only have we stated our commitment to upholding the important privacy rights of individuals in regard to their data, we have also taken steps to reduce opportunities for information leaks, such as adding passwords to e-mails containing personal information and barring use of personal media or hardware.
In addition, Valinor ensures that all EU users have opted in to receive any correspondence from us and that they have the ability to delete their information at any time.
3. Minimal Data Sharing
By nature of Valinor’s activity, our clients determine what data is sent to us for processing. Accordingly, your company acts as the controller and must abide by a set of core principles regarding the handling of personal data. First and foremost, this means that we work with our clients to ensure that unnecessary personal data is not shared.
4. Data Processing Agreement
GDPR states that a formal binding agreement should be executed between the controller and processor of personal data (called a Data Processing Agreement, or DPA). The DPA describes the data processing activities being carried out, in line with the GDPR. Valinor can comply with the GDPR and will sign a DPA where necessary.
5. Disclosure and Consent
If your legal counsel determines you also need to obtain user consent before using Valinor, make sure you update your integration with Valinor to only send data from those who provided the required consent or have otherwise consented to it. Please note that proof of consent is required and may be necessary in the event of legal proceedings.
If you have any additional questions on how to prepare, please reach out to our privacy team at CPO@valinor.co.il
- Please note that this document does not constitute legal advice and should not be used as such. We recommend you consult with the appropriate legal counsel for that purpose.