PERSONAL DATA SECURITY AND PRIVACY POLICY

This document presents the main elements of the information security program dedicated to the safeguarding of the personal data entrusted to PREMIUM TRAFFIC (hereinafter “PREMIUM” or “We”). It constitutes an overview of a comprehensive framework to ensure security and privacy based on confidentiality, integrity, availability and safety principles, according to the EU General Data Protection Regulation (EU) 2016/679 (hereafter the “GDPR”).

In case of questions or inquiries related to the content of the present document, customers are invited to contact us at the following email address: privacy at prem-traffic dot com

Principles

To ensure an acceptable level of security and confidentiality of the personal data that We may process, We are implementing a coherent set of policies, procedures to manage data and system risks, aiming at:

• identifying, through risk analysis, potential threats to personal data;
• implementing security solutions (both processes and tools) to limit risks for our systems;
• training our employees and third-party service providers to implement our personal data security and privacy policy;
• monitoring the security of our systems and processes;
• providing clear information regarding the processing of personal data;
• preparing ourselves in case of crisis.

The following paragraphs describe in more details the main principles of PREMIUM personal data security and confidentiality policy.

How we use personal data

Acting as “processor” as defined by Article 4-8) of the GDPR, PREMIUM ensures that it processes the personal data of the controllers in accordance to the provisions of Article 28 of GDPR, notably by:

• processing the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or to an international organisation, unless required to do so by European Union (EU) law or EU Member State law to which PREMIUM is subject;
• ensuring that the persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
• implementing appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia:
  • pseudonymisation and encryption of personal data;
  • the means to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the means to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;
• respecting the conditions as set forth in the customer agreement for hiring another processor;
• assisting the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights;
• assisting the controller in ensuring compliance with its obligations under the GDPR;
• at the choice of the controller, deleting or returning all the personal data to the controller (or the contact designated by the controller) after the end of the provision of services relating to processing, and deleting existing copies unless EU law or Member State law requires storage of the personal data;
• making available to the controller all information necessary to demonstrate compliance with the obligations under the GDPR and allowing for and contributing to audits, including inspections, conducted by the controller or another auditor mandated by the controller, in accordance with provisions of the agreement with the controller.

How long we keep the personnal data

As PREMIUM processes the personal data only on documented instructions from the controller, PREMIUM only stores the personal data for the duration set forth by controller’s instruction.

How we secure personal data

PREMIUM has put in place appropriate security measures to prevent personal data entrusted to us from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. PREMIUM has put in place procedures to deal with any suspected data security breach and will notify controller of any suspected breach where PREMIUM is legally required to do so.

Transfers outside of the sea

PREMIUM may transfer personal data entrusted to us outside the EEA in order to ensure its services.

Where PREMIUM transfers personal data to countries where the European Commission made no “adequacy decision” with respect to that country, PREMIUM will put in place certain measures to ensure that personal data does receive an adequate level of protection, such as contractual clauses which are approved by the European Commission, and in accordance with the terms of our agreement.

Controller can request information about, and a copy of, the applicable transfer mechanism used, by contacting PREMIUM at the following address: privacy at prem-traffic dot com.

Last updated: 10/02/2020