Data Privacy Statement
Your privacy is important to us and Swegway Hoverboard takes this issue very seriously.
Swegway Hoverboard is committed to being transparent about how it collects and uses personal data and to meeting its data protection obligations. This statement sets out its commitment to data protection. This statement applies to the personal data of customers, suppliers, contacts, third parties or other personal data processed for business purposes. The personal data of job applicants, employees, contractors, interns, apprentices and former employees, called HR-related personal data, is covered by our HR Data Protection Policy.
The wording in this statement reflects the requirements of the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018.
Swegway Hoverboard has appointed the Data Manager as the person with responsibility for data protection compliance. Questions about this statement, or requests for further information, should be directed to the Data Manager, Swegway Hoverboard.
Automated Decision-Making (ADM): when a decision is made that is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing.
Automated Processing: any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that person’s performance at work, health, preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated
Organisation: Swegway Hoverboard
Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signify agreement to the processing of Personal Data relating to them.
Data Controller: the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data used in our business for our own commercial purposes.
Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
Data Privacy Impact Assessment (DPIA): assessments used to identify and reduce risks of a data processing activity. A DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programmes involving the processing of Personal Data.
EEA: the 28 countries in the EU and Iceland, Liechtenstein and Norway.
Explicit Consent: consent which requires a very clear and specific statement.
General Data Protection Regulation (GDPR): the General Data Protection Regulation. Personal Data is subject to the legal safeguards specified in the GDPR.
Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Sensitive Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or
Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of Personal Data is a Personal Data Breach.
Privacy by Design: implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the GDPR.
Privacy Notices or Statements: separate notices setting out information that may be provided to Data Subjects when the organisation collects information about them.
Processing or process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Pseudonymisation: replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person to whom the data relates cannot be identified without the use of additional information which is meant to be kept separately and secure.
Related Policies: the company’s policies, operating procedures or processes related to this Privacy Statement and designed to protect Personal Data.
Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.
We recognise that the correct and lawful treatment of Personal Data will maintain confidence in the organisation and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times.
The Data Manager is responsible for overseeing this Privacy Statement and, as applicable, developing Related Policies and guidelines. Please contact the Data Manager with any questions about the operation of this Privacy Statement or the GDPR or if you have any concerns that this Privacy Statement is not being or has not been followed.
We adhere to the principles regarding processing of Personal Data set out in the GDPR which require Personal Data to be:
(a) Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and
(b) Collected only for specified, explicit and legitimate purposes (Purpose Limitation).
(c) Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation).
(d) Accurate and where necessary kept up to date (Accuracy).
(e) Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation).
(f) Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
(g) Not transferred to another country without appropriate safeguards being in place
(h) Made available to Data Subjects who are allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests).
We will demonstrate compliance with the data protection principles listed above (Accountability).
3. Lawfulness, fairness, transparency
3.1 Lawfulness and fairness
Personal data will be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. We will only collect, process and share Personal Data fairly and lawfully and for specified purposes. The GDPR restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent processing but to ensure that we process Personal Data fairly and without adversely affecting the Data Subject.
The GDPR allows processing for specific purposes, some of which are set out below:
(a) where the Data Subject has given Consent;
(b) if the processing is necessary for the performance of a contract with the Data Subject;
(c) to meet our legal compliance obligations;
(d) to protect the Data Subject’s vital interests;
(e) to pursue our legitimate interests for purposes where they are not overridden because the processing prejudices the interests or fundamental rights and freedoms of Data Subjects. The purposes will be set out in applicable Privacy Notices.
We identify and document the legal ground being relied on for each processing activity.
We will only process Personal Data on the basis of one or more of the lawful bases set out in the GDPR, which include Consent. A Data Subject consents to processing of their Personal Data if they indicate agreement clearly either by a statement or positive action. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If Consent is given in a document which deals with other matters, then the Consent will be kept separate from those other matters. Data Subjects can withdraw Consent to processing at any time and withdrawal may be promptly honoured. Consent may also need to be refreshed if we intend to process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented.
Unless we can rely on another legal basis of processing, Explicit Consent will be required for processing Sensitive Personal Data, for Automated Decision-Making and for cross border data transfers. Usually we will be relying on another legal basis (and not require Explicit Consent) to process Sensitive Data. Where Explicit Consent is required, we will issue a notice to the Data Subject.
We will keep records of all Consents so that we can demonstrate compliance with Consent requirements.
3.3 Transparency (notifying data subjects)
The GDPR requires Data Controllers to provide detailed, specific information to Data Subjects. Whenever we collect Personal Data directly from Data Subjects, including for human resources or employment purposes, we will provide the Data Subject with all the information required by the GDPR including the identity of the Data Controller, how and why we will use, process, disclose, protect and retain that Personal Data.
When Personal Data is collected indirectly (for example, from a third party or publicly available source), we will provide the Data Subject with all the information required by the GDPR as soon as possible after collecting/receiving the data. We will check that the Personal Data was collected by the third party in accordance with the GDPR and on a basis which contemplates our proposed processing of that Personal Data.
Personal Data can be collected only for specified, explicit and legitimate purposes. It will not be further processed in any manner incompatible with those purposes. We will not use Personal Data for new, different or incompatible purposes from that disclosed when it was first obtained unless we have informed the Data Subject of the new purposes and they have Consented
Personal Data will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. Our employees will not process Personal Data for any reason unrelated to their job duties. When Personal Data is no longer needed for specified purposes, it will be deleted or anonymised in accordance with our data retention guidelines.
Personal Data will be accurate and, where necessary, kept up to date. It will be corrected or deleted without delay when inaccurate. We will ensure that the Personal Data we use and hold is accurate, complete, kept up to date and relevant to the purpose for which we collected it. We will take all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data.
Personal Data will not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed. We will not keep Personal Data in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purposes for which we originally collected it, including for the purpose of satisfying any legal, accounting or reporting requirements. We will take all reasonable steps to destroy or erase from our systems all Personal Data that we no longer require in accordance with our records retention policies. This includes requiring third parties to delete such data where applicable. We will inform Data Subjects of the period data is stored and how that period is determined.
Security, integrity and confidentiality
8.1 Protecting Personal Data
Personal Data can be secured by appropriate technical and organisational measures against unauthorised or unlawful processing, and against accidental loss, destruction or damage. We will develop, implement and maintain safeguards appropriate to our size, scope and business, available resources, amount of Personal Data that we own or maintain on behalf of others and identified risks (including use of encryption and Pseudonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our processing of Personal Data.
We will maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:
(a) Confidentiality means that only people who have a need to know and are authorised to use the Personal Data can access it.
(b) Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed.
(c) Availability means that authorised users are only able to access the Personal Data when they need it for authorised purposes.
8.2 Reporting a Personal Data Breach
The GDPR requires Data Controllers to notify any Personal Data Breach to the applicable regulator and, in certain instances, the Data Subject. We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so.
The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals is not undermined. We will only transfer Personal Data outside the EEA if one of the following conditions applies:
(a) the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ rights and freedoms;
(b) appropriate safeguards are in place;
(c) the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks, or
(d) the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and the Data Subject; public interest; to establish, exercise or defend legal claims, or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent, and in some limited cases, for our legitimate interest.
10. Data Subject’s rights
Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to:
(a) withdraw Consent to processing at any time;
(b) receive certain information about the Data Controller’s processing activities;
(c) request access to their Personal Data that we hold;
(d) prevent our use of their Personal Data for direct marketing purposes;
(e) ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data/complete incomplete data;
(f) restrict processing in specific circumstances;
(g) challenge processing which has been justified on the basis of our legitimate interests or in the public interest;
(h) request a copy of an agreement under which Personal Data is transferred outside of the EEA;
(i) object to decisions based solely on Automated Processing, including profiling (ADM);
(j) prevent processing that is likely to cause damage or distress to the Data Subject or anyone else;
(k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
(l) make a complaint to the supervisory authority, and
(m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine readable format.
We will verify the identity of an individual requesting data under any of the rights listed above.
11.1 We will implement appropriate technical and organisational measures in an effective manner, to ensure compliance with data protection principles. We have adequate resources and controls in place to ensure and to document GDPR compliance including:
(a) appointing a suitably qualified manager accountable for data privacy;
(b) implementing Privacy by Design when processing Personal Data and completing DPIAs where processing presents a high risk to rights and freedoms of Data Subjects;
(c) integrating data protection into internal documents;
(d) regularly training our employees on the GDPR and data protection matters including Data Subject’s rights, Consent, legal bases, DPIA and Personal Data Breaches, and
(e) regularly testing privacy measures and conducting reviews to assess compliance.
11.2 Record keeping
The GDPR requires us to keep full and accurate records of our data processing activities. These records include the name and contact details of the Data Controller, clear descriptions of the Personal Data types, Data Subject types, processing activities, processing purposes, third-party recipients of the Personal Data, storage locations, transfers, retention periods and a description of the security measures in place.
We will ensure all employees have undergone adequate training to enable them to comply with data privacy laws.
11.4 Privacy By Design and Data Protection Impact Assessment (DPIA)
We are required to implement Privacy by Design measures when processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles. We will take into account the following:
(a) the state of the art;
(b) the cost of implementation;
(c) the nature, scope, context and purposes of processing, and
(d) the risks, likelihood and severity for rights and freedoms of Data Subjects posed by the processing.
We may also conduct DPIAs in respect of high risk processing.
11.5 Automated Processing (including profiling) and Automated Decision-Making
Generally, ADM is unlawful when a decision has a legal or similar significant effect on an individual unless:
(a) a Data Subject has Explicitly Consented;
(b) the processing is authorised by law, or
(c) the processing is necessary for the performance of or entering into a contract.
If certain types of Sensitive Data are being processed, then grounds (b) or (c) will not be allowed but such Sensitive Data may be processed where it is necessary for substantial public interest like fraud prevention. If a decision is to be based solely on Automated Processing (including profiling), then Data Subjects will be informed of their right to object. Suitable measures can be put in place to safeguard the Data Subject’s rights, freedoms and legitimate interests. We will inform the Data Subject of the logic involved in the decision making or profiling, the significance and envisaged consequences and give the Data Subject the right to request human intervention, express their point of view or challenge the decision. A DPIA can be carried out before any Automated Processing (including profiling) or ADM activities are undertaken.
11.6 Direct marketing
We will specifically offer the right to object to direct marketing. A Data Subject’s objection to direct marketing will be promptly honoured. If a customer opts out at any time, their details will be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future.
11.7 Sharing Personal Data
Generally we are not allowed to share Personal Data with third parties unless certain safeguards and contractual arrangements have been put in place. We will only share the Personal Data we hold if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions. We will only share the Personal Data we hold with third parties, such as our service providers, if:
(a) they have a need to know the information for the purposes of providing the contracted services;
(b) sharing the Personal Data complies with a Privacy Notice provided to the Data Subject and, if required, the Data Subject’s Consent has been obtained;
(c) the third party has agreed to comply with required data security;
(d) the transfer complies with any applicable cross border transfer restrictions, and
(e) a fully executed written contract that contains GDPR approved third party clauses has been obtained.
12. Changes to this Privacy Statement
Changes to this Privacy Statement may be made at any time so please check back regularly to obtain the latest copy of this Statement. This Privacy Statement does not override any applicable data privacy laws and regulations.