GENERAL DATA PROTECTION REGULATION (GDPR)

GENERAL DATA PROTECTION REGULATION (GDPR)

Notetech, as a service provider, ensures that we are committed to our client’s security and protection of information. We have been vehemently following effective data protection procedures that abide by the laws and regulations of our client's country. All the demands of GDPR are, hence, recognized to be updated and informed. We hereby state that all the GDPR objectives are implemented with regards to roles, procedures, policies, and measures to ensure maximum preservation.

Data Collection & Usage

We collect and use data only with our client’s consent under our NDA (non-disclosure agreement) policy. We may use the collected data for:

• Improved customer service
  
• Administering trials and development
• Problem-solving, acknowledgement, or records

Cookies

Our site uses general cookies to improve performance. There are no cookies used to capture, retrieve, or store any of personal data. Any usage of personal data will be carried out only after the full consent of our clients and users. It is also ensured that all personal data are handled in compliance with all GDPR norms and protection formalities. 

GDPR Preparation List

1. Data Protection 

Our main data protection policy and procedure document have been amended to meet the GDPR's rules and practices. With a devoted emphasis on confidentiality by design and personal rights, management and governance measures are in position to ensure that we recognize and adequately disseminate our obligations and responsibilities.

2. Retention & Erasure of Data

We've modified our retention policy and calendar to assure our clients that we follow the principles of "data minimization" and "storage limitation" and that their personal information is recorded, stored, and deleted in a legal and appropriate manner. We have established erasure procedures and controls to accommodate the different "Right to Erasure" obligations because we comprehend when these and many other data subject rights apply, along with any restrictions, response timelines, and notification procedures.

3. Data Breaches 

Our breach protocols assure clients that we have the measures and systems in order to accurately detect, evaluate, examine, and address any personal data breach. Our policies are extensive, and all staff are notified of the assigned responsibilities and procedures to follow.

4. Third-Party Disclosures and International Data Transfers 

Primary Intelligence has comprehensive protocols and safety measures in place to secure, encrypt, and preserve the integrity of personal information stored or transferred outside the EU. For those nations lacking sufficient adequacy verdicts, we have alternatives for obligatory organizational requirements, standard data protection agreements, or authorized codes of conduct. We do thorough and comprehensive diligence checks on all beneficiaries of personal information to evaluate and validate that they have adequate regulations in place to safeguard the information. We also enable enforceable data subject rights and provide viable legal remedies for information assets, where necessary.

5. Legal Basis for Processing 

We are analyzing all processing operations to determine the legal basis for processing and to ensure that each basis is appropriate for the activity to which it pertains. We also keep records of our processing activities, if needed, to ensure that we meet our duties under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill.

6. Privacy Notice/Policy

Notetech has updated the Privacy Policy to meet the GDPR, assuring that anyone whose personal information we process is aware of why it's required, the use, and their rights. Along with the information of those with whom it is shared and what measures are in place to keep it safe.

7. Obtaining Consent

Our permission methods have been updated for getting personal data, making sure that people understand what they're submitting, why we need it, and how we'll be using it. Notetech will also provide clear, defined options for them to consent to our processing of their data. We've devised strict procedures for documenting consent  by ensuring that we can prove an affirmative opt-in, as well as time and date records, and a simple means to withdraw participation at any time.