Dedication to your data privacy
GDPR compliance is an ongoing effort and we are committed to helping our customers keep personal data of their employees or users safe. We are wholly invested in our customers' success and the protection of data. One way that we deliver on this promise is by helping Phygit customers and their users understand, and where applicable, comply with the General Data Protection Regulation (GDPR). The following sections outline our approach and investment in GDPR compliance in service of our customers and individual data subjects.
Our principles in data protection
● Strict purpose limitation. We process personal data only for the purposes for which these data have been collected. We will not send you inappropriate emails or use contact data from E-Cards for other purposes that are not described in our privacy policies.● Minimization. We don't encourage data mining. Each of our users is free to choose how much data to share with their audience.● Accuracy. We enable users to edit their personal data themselves so that they are able to keep it up to date.● Lawfulness and fairness. For each processing activity we do have a legal basis which is documented in our record of processing activities and outlined in our privacy policies.● Storage limitation. Adequate retention periods are established for each processing of personal data, which are consistent with the completion of the purpose of the processing.● Information security. We do have in place the appropriate technical and organizational measures briefly described below.● Privacy by Design. We at Phygit take a proactive approach to data privacy so that we take steps to improve our product in line with estimated privacy risks.● Accountability. All work to make Phygit products GDPR compliant is documented. We maintain an up-to-date record of processing activities to reflect the current data flows in the company.
Security and data location
Protecting our customers' information and their user's privacy is extremely important to us. Even taking into account the fact that the personal data that goes into our service comes directly from the user and they consciously make this data public for a certain audience, we intend to store and process personal data in a secure environment.
We use Amazon Web Services (AWS) as our hosting provider. AWS has received certifications for ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 9001:2015 and CSA STAR CCM v4.0. We store our customers’ data only within the European Economic Area.
We have strict access limitation rules for our databases to minimize the possibility of data breaches due to human factors. Alongside organizational security measures, we provide everyday backups, encryption in transit and at rest, all accounts are secured with passwords.
Data subject rights
Our tools help customers meet obligations under the GDPR right to be forgotten (or right to erasure) clause by making it easy to delete personal data from Phygit.
Other commitments
Below are several other GDPR initiatives that have been implemented within Phygit.● We have ensured Phygit staff are aware of the GDPR requirements and are bound to maintain the confidentiality and security of that data.● We provide a list of our processors/subprocessors in our privacy policies.● We have committed to carrying out data protection impact assessments for our products.● We will assist with notifying regulators of security breaches and promptly communicating any breaches to customers and users.● We are committed to honor our obligations as data importers under the EU Standard Contractual Clauses.