General Data Protection Regulation (GDPR)

Website: phothuk.com

The General Data Protection Regulation or GDPR is a European Union regulation that is aimed at protecting personal data of EU citizens. It replaces the existing Data Protection Directive 95/46/EC and comes into effect on May 25, 2018. GDPR consolidates the data privacy laws across the EU region into one single regulation.

Any company, be it EU or non-EU based, which processes personal data of EU individuals comes under the scope of GDPR. For more details on the EU's GDPR, visit: https://gdpr.eu/

Important terms in GDPR:

Personal data - The GDPR defines personal data as “Any information related to a natural person or ‘Data Subject', that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”

Data processor and a data controller - According to the GDPR, “A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.”

As part of GDPR compliance, We will provide the following features:

Data Protection

All necessary technical measures to ensure personal data is protected

All data transferred to Phothuk is encrypted during transit and at rest, and is not processed by Phpthuk for any purpose other than as agreed upon in our terms and conditions

Protect data from loss

Data Selection, Retrieval and Removal:

Allow exclusion of files from backup

Allow users to remove their files from backups

Allowing for robust data recovery with availability of data versioning

Provide tools to recover data

Timely data-breach notifications to customers

Right To Erasure

This is the right to have all personal data removed from our systems upon request. To exercise this right; please contact our support team to begin the process of verification and data removal.

Data Processing Addendum Data Processing Addendum ("DPA") forms part of our Terms of Service Agreement or other electronic agreements or mutually executed agreement between us and Customer ("you" and "your") applicable to Customer's use of Phothuk Services (the "Agreement") and reflects the Parties' agreement with regard to Processing Customer Personal Data.

Customer's responsibilities under GDPR:

Phothuk strives to be a valuable resource and provide support to our valued partners and clients to help them achieve their own compliance with the GDPR. Compliance is your responsibility. Your obligations as the business customer and the data controller, have specific legal obligations under the GDPR. You should be confident that any providers (data processors) which you work with, have a highly robust approach to data protection, understand the obligations of the GDPR and are well prepared to meet them.

Phothuk provides features you can use to meet your obligations under GDPR, but no provider can ensure GDPR compliance for you, nor can we dictate how or if you choose to be compliant.