Personal data refers to any information relating to an identified or identifiable natural person (‘data subject’). Therefore, Personal Data includes the types of data which allows for the identification of a particular person, as well as data which does not allow for such immediate identification, but which, at some cost, time and effort, is sufficient to identify that person. As such, it should be assumed that personal data does not include individual information of a high degree of generality, for example, street name or house number. However, this information constitutes personal data if it is correlated with other additional information, and consequently may be related to a particular individual. An example of a single piece of information constituting personal data is a PESEL or National Insurance number, which uniquely identifies a natural person.
Source: https://gdpr-info.eu
GDPR (General Data Protection Regulation) is a law passed by the European Parliament and the European Council in April 2016. The Regulation concerns the gathering, processing and the flow of personal data, throughout the territory of the Europan Economic Area (including EU member states, Norway, Iceland and Lichtenstein).
GDPR is the result of many years of work of the European Union to unify and strengthen protection of personal data of all EU citizens. It allows for a greater degree of control over the use and processing of personal data.
The new regulation comes into force on May 25, 2018 – until that time at Livespace, we will work to implement proper changes, particularly changes in our application, its terms of service and our internal procedures. On this web page, we include all the information on what we are doing to meet the requirements of the coming regulations and what the clients and users of Livespace must know in regard to GDPR.
The need to regulate the protection of personal data within the territory of the EU, came along with the free flow of employment, people and information (including personal data), which takes place in the region of the EU. So far, specific regulations of member states took different approaches to the issue of personal data – providing for lack of transparency and legal certainty within the region. Therefore, there was a need for legislation which would guarantee an equivalent level of protection of personal data throughout the Union.
The purpose of GDPR is to create uniform regulations for processing personal data within the entire European Union. The laws that are being implemented, shall relate to all entities who control or process personal data. GDPR introduces several new requirements regarding how companies should protect the personal data they are gathering and processing. The Regulation is available in full here.
We believe that the protection of personal data is critical, therefore the maximum level of security of information is and always was, our topmost priority at Livespace. Our goal is to maintain full compliance with international and state laws and privacy regulations. We began working on GDPR compliance several months ago. With the help of our legal partners at Wierzbowski Eversheds Sutherland (one of the leading law firms on the Polish market specializing in protection of personal data and laws regarding innovative technologies), we are preparing all the necessary changes, both in the scope of our agreements and internal documents, and in terms of the features of our application. We want to provide solutions which will allow the users of our application to respond to the new requirements which are imposed on them, as data controllers, in the scope of processing personal data.
| Activity | Status |
|---|---|
| Becoming familiar with the contents of the regulation and legal changes | Complete |
| Analysis of the areas within the company which the new GDPR regulation refers to | Complete |
| Participation in courses related to the coming legal changes | Complete |
| An audit conducted by a legal firm | Complete |
| Implementation of the required changes in our internal documents and procedures | Complete |
| Preparation of the new Data Processing Agreement (DPA) | Complete |
| Updating Terms of Service | Complete |
| Implementation of features to facilitate managing personal data within the application. | Complete |
If your company is based in the territory of the European Union or your Clients include EU citizens, the list below contains several issues which may be important regarding your business activity:
Controller (of personal data) is a natural or legal person, public office, organisational unit or another entity, which individually or in cooperation with other entities defines the goals and means of processing personal data. By using the Livespace application, you become the Controller of personal data which you enter into the application.
Processing entity is a natural or legal person, public office, organisational unit or another entity, which processes personal data on behalf of the data controller. Livespace sp z o.o. (ltd) is an entity which processes the personal data which is entered into the application by its users.
Processing data on behalf of the controller or the processing entity. The processing entity and each person acting on behalf of the controller or the processing entity having access to personal data processes the data only upon instruction of the data controller unless the law requires otherwise.
We work with our clients to respond to any of their questions and doubts regarding protection of personal data and fulfilling the requirements of the GDPR. If you have any questions, please do not hesitate to get in touch with us at: dataprotection@livespace.io.
Does Livespace remove data from, e.g. the trial account, which is not paid for?
Data which was entered into the application by its users is removed 70 days after the end of the trial period or from the moment they stop using the application.
Does Livespace entrust personal data to be processed further under a Data Processing Agreement?
Yes, in the scope required to provide our service. Information regarding data processors is included in Appendix #2 to the Data Processing Agreement.
Does every client have to sign a Data Processing Agreement?
It is required for the Data Processing Agreement to be accepted by the user who has admin rights. This is possible after logging into the application. Signing any documents in writing is not required.
Where within the European Union are Livespace’s servers located?
Our servers are located at the ATMAN data centre in Warsaw and Amazon Web Services in Ireland.
To what extent is Livespace a data controller and to what extent is it a data processor?
Livespace is the controller of personal data of the users of the application. Livespace is the data processor of personal data entered into the application by its users.
Wierzbowski Eversheds Sutherland is a law firm providing legal services in all areas of business operations. The firm is a member of Eversheds Sutherland, one of the world’s largest legal brands, with 66 offices in 32 countries. Wierzbowski Eversheds Sutherland advises global leaders in industries such as IT, New Tech, TMT, energy, real estate, construction, manufacturing, FMCG, finance, insurance, food, pharmaceuticals, as well as young innovative companies and startups. The firm stands out for its unmatched experience in implementing projects across the digital transformation and presence in the digital world. It supports clients in the fundamental changes across all areas of their operations affected by the digital transformation and technological development, providing a full range of advice on the search for revolutionary new business models, implementation of innovations, minimization of potential risks, and building corporate identity in a digital culture. In 2018, Wierzbowski Eversheds Sutherland celebrates its 20th anniversary on the Polish market. For more information please visit eversheds-sutherland.pl