Compliance with General Data Protection Regulation
The European Union's “General Data Protection Regulation” or “GDPR” became effective on 25th May 2018.
To comply with the legal obligations and requirements in respect of the GDPR, Celsium Powered by Brunel must therefore have confirmation of GDPR compliance from each of our suppliers who may become involved in transfers of Personal Information as outlined in the GDPR.
Please review the list of specific requirements and confirm your acceptance below:
To collect and use Personal Information only as instructed by Celsium Powered by Brunel, and only as necessary for delivery of services that you have been instructed to provide;
To transfer Personal Information outside the specified and agreed countries only with Celsium Powered by Brunel's prior written consent;
To impose a duty of confidentiality on your employees and subcontractors with access to Personal Information;
To obligate that any subcontractors adhere to the same standards as your organisation in order to meet the requirements of the GDPR and to remain fully liable for any subcontractor’s performance;
To the extent possible, assist Celsium Powered by Brunel in responding to individuals’ requests to exercise their rights to notice, access, correction, erasure, objection, and portability;
To implement technical and organisational security measures, including the encryption of Personal Information, the implementation of business continuity and disaster recovery plans, and the regular testing and evaluation of said security measures;
To delete all Personal Information at the end of the completion of services in a transaction in accordance with Celsium Powered by Brunel's request. You may only retain relevant information after the completion of services in a transaction as required for a legal or regulatory purpose under EU or EU member state law;
To make all relevant information regarding data processing activities available to Celsium Powered by Brunel and regulatory authorities in order to demonstrate compliance and assist with audits;
When responding to audit or other information requests, to inform Celsium Powered by Brunel if, in your opinion, Celsium Powered by Brunel's instructions violate the GDPR or other EU/EU member state data protection law(s);
To promptly notify Celsium Powered by Brunel of any security breach impacting Personal Information and assist with breach investigation, mitigation, and remediation; and
To assist Celsium Powered by Brunel with carrying out privacy and data protection impact assessments and any related consultations of data protection authorities.
If you have any questions about Celsium Powered by Brunel's expectations regarding these requirements, please email firstname.lastname@example.org