General Data Protection Regulation (GDPR)
CISC Semiconductor Corp.
REVISION: March 8th, 2018
1) What is the GDPR
The General Data Protection Regulation (GDPR) is a new European data protection law replacing the Directive 95/46/EG (The Data Protection Directive) issued on October 24th 1995, which has been the basis of European data protection law since 1995.
CISC Semiconductor Corp. complies with this European regulation.
A regulation such as the GDPR is a binding act, which must be followed in its entirety throughout the EU. The GDPR is an attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and eliminate personal data. It has a significant impact on businesses around the world.
The GDPR will officially be enforceable beginning on May 25, 2018.
2) Information regarding the rights of the affected persons
According to the legal position of the General Data Protection Regulation (GDPR), affected persons have the right to information rectification or deletion and objection. From 25.5.2018 the following rights of affected persons will apply according to the then actual GDPR:
- Right to information: Any person affected by data processing has the right to ask CISC for confirmation whether it has processed personal data concerning said person; if this is the case, the affected person has a right to information regarding such personal data (copy of the personal data that is the object undergoing processing) and the following information: (a) the processing purposes; (b) the categories of personal data that are being processed; (c) the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations; (d) if possible the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining such duration; (e) the right of rectification or deletion of the personal data concerning the said person or the limitation of the processing or the right to object to such processing; (f) the right of appeal to a supervisory authority; (g) if the personal data are not collected for the person affected, all available information on the source of the data; (h) the (non) existence of automated decision-making including profiling. CISC will provide a copy of the personal data that is the subject of the processing. For all other copies requested by the person affected CISC may charge a reasonable fee based on the administrative costs. If the person effected files the application electronically, the information is provided in a standard electronic format, unless otherwise stated.
- Right to rectification and deletion: The affected person has the right to demand from CISC the correction of incorrect personal data concerning said affected person without delay. In consideration of the purposes of the processing the affected person has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Furthermore, the affected person has the right to ask CISC to immediately delete personal data concerning said affected person and CISC is obliged to delete personal data immediately if one of the following reasons applies: (a) Personal data are no longer necessary for the purposes for which they were collected or otherwise processed. (b) The person affected revokes the consent on which the processing is based and there is no other legal basis for the processing. (c) The person affected files an objection (see below) against processing. (d) The personal data were processed unlawfully. (e) CISC is required to delete the personal data in order to fulfill a legal obligation. (f) The personal data has been collected in relation to information society services offered (consent of a child). The right of deletion does not exist in particular if the processing is necessary for the fulfillment of a legal obligation of CISC or for the performance of a public interest task or in the exercise of public authority delegated to CISC and /or assertion, exercise, or defense of legal claims.
- Right to restriction of processing: The person affected has the right to demand that CISC restrict processing if one of the following conditions is met: (a) The accuracy of the personal data is disputed by the person affected, for a period allowing CISC to verify the accuracy of the personal data, (b) the processing is unlawful and the affected person is refuses deletion of the data and instead requests the restriction on the use of personal data; (c) CISC no longer needs the personal data for the purposes of the processing, but the person affected requires them to assert exercise or defend legal claims or (d) the person affected has objected to processing until such time as it has been determined, whether the legitimate reasons of CISC outweigh those of the person affected.
If the processing has been restricted, these personal data may only be stored with the consent of the affected person or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of significant public interest of the Union or a Member State.
An affected person, who has restricted processing, will be notified by CISC before the restriction is lifted.
- Right to data portability: The affected person has the right to receive personally identifiable information provided to CISC (as part of the voluntary additional services), in a structured, common and machine-readable format, and has the right to transfer that data to another responsible person.
In exercising their right to data portability, the affected person has the right to grant that the personal data be transferred directly from one responsible party to another responsible party, where technically feasible.
- Right of objection: The person affected has the right, at any time and for reasons related to their particular situation, to lodge and objection to the processing of personal data relating to the performance of a task in the public interest or in the exercise of official authority, which has been transferred to CISC, or which is required to safeguard the legitimate interests of CISC or a third party. CISC will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for processing, that outweigh the interests, rights and freedoms of the affected person or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If personal data is processed to operate direct advertising, the affected person has the right to object at any time to the processing of their personal data for the purpose of such advertising. If the affected person objects to processing for direct marketing purposes, their personal data will no longer be processed for these purposes.
- Right of appeal to the supervisory authority: Any affected person shall have the right to lodge a complaint with a supervisory authority without prejudice or to any other administrative or judicial remedy, in particular in the Member State of their residence, place of work or place of alleged violation, if the person affected considers that the processing of their personal data violates these legal requirements.
3) Contact Information
If you have questions regarding our practices or this GDPR policy, please contact us by email at email@example.com