Introduction

The new EU General Data Protection Regulation (GDPR) introduces more stringent requirements for organisations to protect the personal data of EU residents wherever it is collected, stored, processed or transferred. These requirements must be met by organisations from any country, not just those based within the EU and the transfer of data outside the EU must ensure the same high levels of protection. Podium welcomes the introduction of GDPR in May 2018 and is committed to comply with all aspects of the new law.

The Key Principles of GDPR And Podium’s Commitment

Personal data should be processed lawfully, fairly and in a transparent manner.

To collect the data lawfully, we must ensure that each individual gives consent before submitting any personal data to us. Podium will require explicit and unambiguous consent from all individuals before we store their personal data. This will require an action such as ticking a checkbox or similar. Podium will ensure that data is processed fairly by using data in a way consistent with the reasonable expectations of our users. In our privacy policy, we will provide details on how and why we store each individual’s data in a clear and comprehensible manner.

Purpose Limitation and Data Minimisation

Podium undertakes not to use data for any reason incompatible with the stated purpose as described to the individual. We may use personal data for statistical purposes but, in these circumstances, the data will be completely anonymised and aggregated.

Podium collects only such data as required for the purposes declared and no more.

Data held must be accurate and, where necessary, kept up to date.

Podium will endeavour, where possible, to ensure the accuracy of data and will respond to any requests to rectify inaccurate data.

Data Portability and The Right to Erasure

Individuals have the right to request a copy of any data Podium holds on them. We will make sure there is a process to obtain such data. Podium also undertakes to provide a means for the erasure of any individual’s data on request.

Retention of Data

Podium will retain personal data for as long as is required for the purposes it was collected. As a general rule, we will anonymize data after a period of 18 months at our discretion.

Data Security

Podium takes extensive measures to ensure the security of any data it holds and submits to independent security audits such as penetration testing. A detailed document of our security systems and procedures is available on request. Please contact us at support@podium365.com with your details and we will arrange delivery of the document.

Data Transfer Outside The EU

Podium holds personal data regionaly based on client location on secure servers in Australia and the EU. Please see our security document for details. We undertake to ensure that any data transferred outside the EU is subject to the same high level of security as is available within EU boundaries. All data transfer between Podium databases and Podium applications is done exclusively over an encrypted connection.

Podium Organisational Policies

Podium has appointed a data protection officer who will be responsible for training and guidance of all staff with regard to data protection. A review has been undertaken of current security policies to ensure they align with the requirements of GDPR. This has included improvements in incident reporting procedures, especially in relation to data breaches which is a key concern of GDPR.

Podium Product Development

We have always put data protection as our top priority when developing new products. We will continue to enhance our security and we will make sure that all members of our development team give full consideration to the requirements of GDPR when enhancing current products or working on new ones.

Contacting Us

If you have any queries about Podium’s GDPR status or any matter relating to data protection, please contact us on privacy@podium365.com.