GDPR compliance
1. Who is your Data Protection Officer?
According to the GDPR, it is not obligatory to have a DPO at our company, however, all questions and issues regarding privacy must be addressed to ourEskimi advisers “Ivanauskas & partners” and specifically our counsel Tomas Ivanauskas.
2. What personal data are you processing?
WeEskimi processprocesses and useuses for the provisioning of DSP services so-called indirect data, such as location, device specifications, browsing history, etc. No data allows us toEskimi identify the specific person and to know their name, phone number, or any other directly linkable personal data.
3. How do you gather consent (Clear affirmative act, GDPR preamble p.32) of people you process their personal data?
WeEskimi processprocesses data that was gathered by our partners by either obtaining the consent from the data subjects or on other legal grounds for data control (such as legitimate interest, service provisioning, data security, etc.). The data has been transferred to usEskimi on a legitimate contractual basis having permission from the data subject. WeEskimi requirerequires that our partners would ensure that the data initially has been collected on a legitimate basis.
4. How do you ensure it is transparent to natural persons that personal data concerning them are collected, used, consulted, or otherwise processed? (GDPR preamble p. 39).
We have our privacy policy in place whichEskimi is a clearvendor in the IAB Transparency and transparentControl mannerFramework. thatFramework informs any interested party aboutdictates how thecollection, data is collected, used,use and otherwiseprocessing processed.should Itbe isdescribed. importantEskimi adheres to stressthese thatstandards. theIn data subjects normally do not have direct contact with Eskimi as we are a B2B platform, providing services to businesses seeking to expand their interaction with users. Any data we process has been collected on a legitimate basis by data controllers either by obtaining consent from a data subject or on other legitimate grounds. Furthermore, we have adopted policies and procedures ensuring that the data subject might be able to contact us directly and to enquire about the scope of theaddition, data processing asactivities wellare as to require to terminate the data processingclearly and deletetransparently the data asdescribed in accordanceEskimi withPrivacy the GDPR.Policy.
5. Data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (GDPR preamble 63). How these rights can be exercised?
We haveEskimihas a special procedure and a form for data subjects to request information about the scope of a person's data processing including the possibility to require that the processing would be stopped and/or the data would be deleted. We follow all the provisions of GDPR ensuring that the data subject would have full access to information about his/her data processing. Normally we would provide all the information requested under the Data Subject Access Request Form within 30 calendar days.
6. For how long you keep data in your databases?
WeData keep the datais only kept for a limited period of time that is strictly required to perform ourthe obligations towards ourthe clients under the contracts or observing other legal requirements. The data is periodically reviewed and deleted if it is not required for the purposes of business.business, Weaccording have ato Data Retention and Erasure Policy in place according to which we handle the data retention matters.Policy.
7. Do you have a data breach policy?
We haveEskimihas a procedure according to which the data breach incidents are detected, reported, and addressed. WeEskimi complycomplies with the GDPR provisions for reporting data breach incidents to relevant data authorities as well as data controllers. We have all necessary administrative, technological, and legal means to prevent data breaches and/or to minimize their impact if occurred.
Key statements:
- WeEskimi areis fully GDPR compliant.
- WeEskimi areis data processors for the provision of B2B services.
- WeEskimi dodoes not process any direct personal data.
- WeEskimi obtainobtains data from data controllers and check with them for the legal basis of data use.
- WeEskimi ensureensures that the user access we provide to our clients is based on either consent of the user or has another legal basis for processing.- We are able to provide to a person all the info on the scope of data processing and ensure the right to be forgotten.