GDPR Policy
August 31, 2020
Transparency and Accountability
Intent of the GDPR Obligation
Ensure transparent communication with data subjects regarding the processing of their personal data. Ensure data subjects are notified of their rights under the GDPR.
Our Work Toward Compliance with the GDPR Obligations That Affect You
Infused Product International Ltd.(IPI), Terms of Service Agreement, Privacy Policy, and supporting policies provide a transparent notice to inform interested stakeholders.
Exceptions to the GDPR Obligation
A data controller is exempt from these obligations if it cannot identify which personal data in its possession relates to the relevant data subject (i.e., if personal data is anonymized and cannot be re-identified).
Access and Rectification
Intent of the GDPR Obligation
Allow data subjects to require a data controller to rectify any errors in their personal data.
Our Work Toward Compliance with the GDPR Obligations That Affect You
IPI corporate security partners have access to profiles to amend inaccuracies.
Exceptions to the GDPR Obligation
Provision of this right to a data subject should not adversely affect an organization’s intellectual property (i.e., giving access to a data subject should not require disclosure of trade secrets).
Right to be Forgotten
Intent of the GDPR Obligation
Provide data subjects with the right to delete their personal data if the continued processing is not justified. For example, you may need to delete your customer’s personal data to comply with your GDPR obligations.
Exceptions to the GDPR Obligation
IPI is not required to delete data, except when one of the following reasons is present:
- The personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed.
- The data subject withdraws consent, and there are no other legal grounds for processing.
- The data subject objects to processing, and there are no overriding legitimate grounds for processing.
- The personal data has been unlawfully processed.
- The personal data has to be erased for compliance with a legal obligation.
- The personal data has been collected in relation to the offer of information society services to a minor under 16 years old.
Restriction Processing
Intent of the GDPR Obligation
To provide data subjects the right to limit the purposes for which the data controller can process personal data. For example, a customer has filed a complaint or lawsuit against you, and it is your policy to stop processing while the complaint or lawsuit is pending.
Exceptions to the GDPR Obligation
The requirement to restrict processing generally applies under the same circumstances as the right to be forgotten and/or when the following circumstances exist:
- The accuracy of the personal data is contested (and only for as long as it takes to verify that accuracy).
- The processing is unlawful, and the data subject requests restriction (and the data subject is not exercising the right to be forgotten).
- The data controller no longer needs the personal data for the original purpose but still requires it to establish, exercise, or defend a legal right.
- Verification of overriding ground is pending (in the context of a deletion request).
Data Portability
Intent of the GDPR Obligation
To provide data subjects with the right to transfer their personal data between controllers.
Our Work Toward Compliance with the GDPR Obligations That Affect You
IPI Customer Care works with industry partners so all relevant data from IPI has an export to CSV functionality.
Exceptions to the GDPR Obligation
Inferred and derived personal data (e.g., a credit score or health assessment) are not included because they are not “provided by the data subject.” Data controllers are not obligated to retain personal data simply for the purposes of providing a copy of the personal data pursuant to a potential data subject request.
Objection to Processing
Intent of the GDPR Obligation
Provide data subjects with the right to transfer their personal data between controllers
Our Work Toward Compliance with the GDPR Obligations That Affect You
IPI has implemented internal mechanisms to:
- Cease processing personal data based upon specific data subject requests, confirmed instructions by IPI’s customer in its capacity of data controller, and the particular reasoning for objecting to processing.
- Cease processing for direct marketing purposes upon request.
- Cease processing of personal data for scientific, historical, or statistical purposes.