nGaje GDPR / Privacy Compliance
nGaje is defined as a Data Processor under the GDPR.
nGaje processes data on behalf of a Data Controller.
In relation to nGaje, the Data Controller is normally the organisation that you are employed by or the entity/person that has entered the information contained on nGaje.
The Data Controller determines the purposes for which and the manner in which any personal data is, or is to be processed.
You, the individual (employee), are generally considered to be the Data Subject.
As the Data Processor, nGaje is required to ensure it is compliant with the GDPR guidelines that apply to Data Processors.
nGaje therefore:
- processes personal data only on documented instructions from the Data Controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the Data Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
- ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- takes all measures required pursuant to Article 32;
- respects the conditions referred to in paragraphs 2 and 4 for engaging another Data Processor;
- takes into account the nature of the processing, assists the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller’sobligation to respond to requests for exercising the data subject’s rights laid down in Chapter III;
- assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the Data Processor;
- at the choice of the Data Controller, deletes or returns all the personal data to the Data Controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;
- makes available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.
Furthermore, nGaje does not collect or store information that is not provided by, or at the request of the Data Controller. Information that may be collated from Surveys or Polls is anonymous and cannot be linked back to an individual Data Subject. Information that may have been gained through the use of internal communication features or other non-anonymous features is controlled by the Data Controller and can be removed or sanitised at any time by the Data Controller or at the request of the Data Subject.
If a client ceases to use nGaje, we will erase all remaining data relating to that client 12 months after their termination date, or earlier should the client/Data Controller request this.
Find out more about GDPR: https://youtu.be/XVBHishpew8
ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/