GDPR Compliance Statement

The EU General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union effective from May 25, 2018.

The GDPR imposes new obligations on organisations that control or process Personal Data and introduces new rights and protections for EU citizens.

We are committed to ensuring that your privacy is protected, and we strictly adhere to the provisions of all relevant Data Protection Legislations, including GDPR, ensuring all Personal Data is handled in line with the principles outlined in the regulation that state:

Personal Data shall be:

• Processed lawfully, fairly and in a transparent manner in relation to the data subject
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• Accurate and, where necessary, kept up to date
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed
• Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

We respect our customers and our customers’ customers, our employees and contractors’ rights to data privacy and protection and as such we have revised our ISO27001 certified Information Security Management System and updated applicable policies, procedures and working practices in order to meet the requirements of the GDPR. Our policies regarding data ownership and protection are focused on providing you with confidence that your data remains secure, and under your control. We have established a number of measures to ensure that customers and their data are treated in a manner consistent with privacy principles and the new GDPR requirements.

We place a high priority on protecting and managing data in accordance with accepted standards and helping our customers utilise our products and services to the same end. Our focus with regards to GDPR is that in our solution you should be able to quickly identify End User data; quickly delete data when requested by the End User; be sure that your data is safe and secure according to the new regulations; and easily collect and document the approvals given to you from End Users calling your service.

Puzzel is committed to compliance with the GDPR as both a processor and controller of Personal Data and have dedicated a CISO role to work with the GDPR implementation project and ensure compliance on an ongoing basis. Our CISO has been assigned as Data Protection Officer for Puzzel. We also provide a Data Processing Agreement that fulfils the specific requirements of GDPR.

Questions, feedback, and further information

Please speak to your key account manager or contact our compliance team at privacy@puzzel.com if you have any additional questions. Our privacy policy is located here: Privacy Policy and additional security information can be found here: Security for you reference.