** Introduction ** The ** _ EU General Data Protection Regulation (“GDPR”) _ ** enters into force in the European Union on 25 ^th May 2018, bringing the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR is designed to meet the demands of the digital age. The ^21st century has brought wider use of technology, new definitions of what personal data is, and a massive increase in cross-border processing. The new regulation aims to standardize data protection and processing law across the EU; giving individuals stronger, more consistent rights to access and control their personal information. ** Our Helpjuice ** ** Helpjuice ** is committed to ensuring the security and protection of the personal information we process and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program that complies with existing legislation and data protection principles. However, we recognize our obligations in updating and expanding this program to meet the requirements of the GDPR. Helpjuice is committed to protecting the personal information that falls under our jurisdiction and to developing a data protection Helpjuice that is effective and appropriate for the Helpjuice purpose and demonstrates understanding and appreciation of the new regulation. Our preparation and goals for GDPR compliance are summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and continued compliance. [For a signed copy of the Digital Processing Agreement (DPA), please see this url: https://help.helpjuice.com/redirect-gdpr-dpa-contract ](/_questions/396524) ** How we prepare for the AVG ** ** Helpjuice ** already maintains a consistent level of data protection and security across our organization. ** _ Our preparation includes: -_ ** - ** _ Information audit _ ** - conducting a company-wide information audit to identify and assess what personal information we have, where it comes from, how and why it is processed and whether and to whom it is disclosed. - ** _ Policies and Procedures_ - We have changed our privacy policy and terms of service **, data protection policies and procedures to comply with the requirements and standards of the GDPR and all relevant data protection laws, including: - - - ** _ Data protection _ ** - our main data protection policy and procedure document has been revised to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and prove our obligations and responsibilities; with a special focus on privacy by design and the rights of individuals. - ** _ Data retention and deletion _ ** - we have updated our retention policy and schedule to ensure we adhere to the principles of _ 'data minimization' and _ 'storage limitation' and that personal information is stored compliant and ethically, archived and destroyed. We have special erasure procedures to meet the new _ 'Right to Erasure_ without obligation and are aware of when the rights of this and other data subject apply; along with any waivers, response times, and reporting responsibilities. We did this by setting up a policy where you are just one email away if you want your account information removed. - ** _ Data Breaches _ ** - Our infringement procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report data breaches as early as possible. Our procedures are robust and distributed to all employees, ensuring they are aware of the reporting lines and steps to follow. - ** _ International Data Helpjuice _ ** - Where ** Helpjuice ** stores or transfers personal information outside of the EU, we have robust procedures and security measures in place to secure, encrypt and preserve the integrity of the data. Our procedures include an ongoing review of countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for the countries without. We conduct strict due diligence checks on all recipients of personal data to assess and verify that they have appropriate safeguards to protect the information, ensure enforceable rights of data subjects and, where applicable, have effective remedies for data subjects. - ** _ Subject Access Request (SAR) _ ** - We have revised our SAR procedures to accommodate the revised 30-day period for providing the requested information and to make this provision free of charge. Our new procedures describe how to authenticate the data subject, what steps to take to process an access request, what exemptions apply, and a set of response templates to ensure communication with data subjects is compliant, consistent and adequate. - ** _ Legal basis for processing _ ** - we review all processing activities to identify the legal basis for processing and ensure that each basis is appropriate for the activity to which it relates. Where applicable, we also keep records of our processing activities to ensure that our obligations under Article 30 of the GDPR and Annex 1 of the Data Protection Act are met. - ** _ Privacy Statement / Policy _ ** - we ** have ** revised ** our privacy statement (s) ** to comply with the GDPR, to ensure that all persons whose personal information we process are informed about why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguards are in place to protect their information. - ** _ Obtaining Consent _ ** - We ** are ** reviewing ** our consent mechanisms for obtaining personal data, ensuring that individuals understand what they provide, why and how we use it, and provide clear, defined ways to give us consent to process their information. We have developed strict consent recording procedures to ensure that we can demonstrate an affirmative opt-in, along with time and date records; and an easy to see and access way to revoke consent at any time. - ** _ Direct marketing _ ** - we ** revise ** direct marketing formulation and processes, including clear opt-in mechanisms for marketing subscriptions; Clear notice and method for unsubscribing and providing unsubscribe features on all of the following marketing materials. - ** _ Data Protection Impact Assessments (DPIA) _ ** - where we process personal information considered to be of high risk, involving large scale processing or containing special category data / criminal convictions; we have developed strict procedures and assessment models for conducting impact assessments that fully comply with the requirements of Article 35 of the GDPR. We have implemented documentation processes that record every review, allow us to assess the risk of the processing activity and implement mitigation measures to reduce the risk to the data subject (s). - ** _ Special Category Data_ - ** Where we obtain and process special category information, we do so in full compliance with the requirements of Section 9 and have high quality encryption and protections for all such data. Special category data will only be processed where necessary and will only be processed if we have first identified the appropriate Section 9 (2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and verified by a signature, clearly indicating the right to change or withdraw consent. ** Rights of data ** In addition to the above policies and procedures that ensure individuals their data protection rights to enforce, we provide easily accessible information via our EXPORT (API documentation Beschi kb spike in the Help Center) on the right of an individual access to all personal information that ** Helpjuice ** processes about them. and to request information about: - - What personal data we have about them - The purposes of the processing - The categories of personal data concerned - The recipients to whom the personal data have been / will be disclosed - How long we intend to keep your personal data - If we have not collected the data directly from them, information about the source - The right to have incomplete or inaccurate data about them corrected or completed and the process to request it - The right to request the deletion of personal data ( _if applicable_) or to restrict processing in accordance with data protection law, as well as to object to direct marketing from us and to be informed about any automated decision-making we use - The right to complain or seek recourse to the courts and who can be contacted in such a case len ** Helpjuice (DPA) ** While using the Helpjuice , Helpjuice allows YOUR users to send emails to YOUR customer service team through our contact form. We do not store this information on our servers, but use Sendgrid (an external service) to send the e-mails. If you want a GDPR data processor DPA, please contact us by email at [success@helpjuice.com] (mailto: success@helpjuice.com) ** GDPR Roles and Employees ** ** Helpjuice ** has appointed ** Eldin Hajric ** as our ** Data Protection Officer (DPO) ** and appointed a data privacy team to develop and implement our roadmap for complying with the new data protection regulation. The team is responsible for promoting GDPR awareness across the organization, assessing our GDPR readiness, identifying any gaps and implementing the new policies, procedures and measures. ** Helpjuice ** understands that continuous employee awareness and understanding is essential to continued compliance with the GDPR and has involved our employees in our preparation plans. We have implemented an employee training program specifically to the which will be provided to all employees by ^May 25 ^, 2018 and is part of our induction and annual training program. If you have any questions about our GDPR preparation, please contact ** Eldin Hajric, [success @ Helpjuice .com.] ( Helpjuice : success @ Helpjuice .com.% 3C / strong% 3E% 3C / span% 3E% 3C / p% 3E) **