Select a legal document to view

Website policies
Privacy policy
Terms of use

European policies
GDPR

GDPR

Intellitix commitment to the GDPR

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The regulation became effective and enforceable on the 25th May 2018.

Our commitment: Intellitix is fully committed to compliance with the GDPR.

What has Intellitix done regarding the GDPR?

Intellitix has been dedicated resources toward ensuring compliance with the GDPR since the announcement of the regulation. We did this because we value our customers (and their customers) rights to privacy.

We store all data in accordance with GDPR either in the EU or in an approved location as determined by the European Commission.

Here’s a condensed version of our GDPR Roadmap and steps taken on our journey:

  • Thoroughly research the areas of our product and our business impacted by GDPR – COMPLETE
  • Appoint a Data Protection Officer – COMPLETE
  • Create Data Protection Agreement – COMPLETE
  • Develop a strategy and requirements for how to address the areas of our product impacted by GDPR – COMPLETE
  • Perform the necessary changes/improvements to our product based on the requirements:
    • Process for patrons of customer events to accept privacy policy and terms during registration – COMPLETE
    • Ensure ‘licensing’ of services associated with the subcontractors references relevant authorizations – COMPLETE
    • Define and implement a process for alerting customers and/or data subjects if a data/security breach occurs – COMPLETE
  • Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR – COMPLETE
  • Finalize and communicate our full compliance – COMPLETE

Intellitix has also engaged with numerous attorneys and professionals on our approach. We felt this was and will be very important because the legislation is so new and far reaching.

What changes has Intellitix made to be GDPR compliant?

We have taken many steps across the entire company to ensure our compliance with the GDPR. We have taken steps to ensure improved anonymization of data where required and possible, and protection of data as per the GDPR. We have created internal processes to our operations and delivery to ensure compliance with the regulation.

Based on the research conducted by both our inside and outside counsels we are confident these changes will address the requirements of the GDPR.

What do Intellitix customers need to do?

There are two things that you might need to do depending on your situation and jurisdiction. Below are some changes that we can foresee that might affect you as a result of using Intellitix:

  1. Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using Intellitix (and any other similar services) on your website or app. This requirement has always been there, but the GDPR can heavily penalize you if you’ve not done this clearly. We recommend you ensure your policies are up to date and clear to your readers.
  2. If you are in the European Union you will need to sign a Data Processing Agreement with Intellitix. Working with outside legal counsel we’ve updated this document to be in compliance with the GDPR and other generally acceptable privacy laws.
  3. You can request a copy of the Data Processing Agreement template by sending a request to legal@intellitix.com please be informed that certain adjustment by Intellitix may be required based on the contractual relationship.
I'm new to the GDPR and would love more details on what it is

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the the 1995 Data Protection Directive.

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.

The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

In summary, here are some of the key changes to come into effect with the upcoming GDPR:

  • Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
  • Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
  • Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
  • New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
  • Increased Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.

If you have any questions, please don’t hesitate to contact us at legal@intellitix.com