The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46EC (GDPR) has entered into force on 25th May 2016 but will not be fully applicable until 25th May 2018. One of the essential aspects of the GDPR is that it is based on prevention by companies that process data. This is known as active liability.
Companies must take measures that reasonably ensure that they are in a position to comply with the principles, rights and guarantees established by the GDPR. The GDPR understands that acting only when there has already been an infringement is insufficient as a strategy, since such an infringement can cause harm to data subjects which can be very difficult to compensate or repair.
Our Privacy Statement
At TROVIT SEARCH, S.L.U. (from now on, just Trovit) we have always respected and honored our users’ right to data protection and privacy. We consider the privacy of people important both to our clients and visitors to our website, apps, Help Center, Partners Website, Corporate site, and any other domains held by Trovit in connection with the said website. This includes domains in connection with our employees and service providers and to any other people who may provide us with information through said website or any other that are processed by Trovit as part of our provision of services (hereinafter and jointly, “you” and/or the “data subject”). In this regard, Trovit undertakes to process your personal data as provided by applicable personal data protection regulations. In particular, Trovit will comply with the provisions of the GDPR and any other related regulations which may be in force from time to time.
Over the years, we have demonstrated our commitment and reliance to data protection by complying with the local data protection regulations (Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal and the Real Decreto 1720/2007, de 21 de diciembre, by which it is developed the Regulation regarding the aforementioned Ley Orgánica).
In addition, we already have strong Data Processing Agreements, and we are revising them to meet the requirements of the GDPR. Likewise, any international data transfer would always be made by Trovit in compliance with any personal data protection law applicable. Regardless of the place where your personal data may be collected or processed, Trovit will ensure that service providers keep all administrative, technical and physical security measures as may be appropriate to protect your information.
We use your personal data to keep you informed about Trovit services, activities, projects, updates and new website or application features by means of notices/newsletters sent by email and/or other electronic means.
We are fully aware that the GDPR will help us move towards the highest standards of operations in protecting customer data, not only in Spain but also around the globe. In this sense, we have thoroughly analyzed GDPR requirements and have put in place a dedicated internal team to drive Trovit to meet them.
How is Trovit preparing for GDPR?
Trovit is working hard and together with our providers to be GDPR compliant across all of its processing, by the time the regulation comes into effect. As a data controller, Trovit understands its obligation to provide the data subjects with the corresponding information regarding its data collection, processing, access and communication, in its case, as to get ready for the 25th May, 2018.
Measures we are taking
In light of all the foregoing and with the objective of being compliant, below you will find some of our ongoing initiatives are:
1. Identify the Personally Identifiable Information (PII) or Personal data that is being collected and processed.
2. Analyze how this PII or Personal data is being processed, stored, retained and deleted.
3. According to the conclusion on the precious points:
- review current security and privacy processes;
- review our agreements with third party providers as those subscribed with our clients;
- establish procedures to respond to data subjects when they exercise their rights;
- assess the third parties with whom you disclose data;
- establish and conduct Privacy Impact Assessment (PIA);
- elaborate and implement processes for data breach notification activities;
- provide periodical awareness and training to our employees in order to ensure continual compliance to the GDPR.
- analyzing the appointment of a Data Protection Officer (DPO).
What we do with data
In attention to all that exposed and more specifically, Trovit is nowadays:
- Identifying personal data: The different types of processing we carry out could imply a different level of personal data collection, usage, storage and disposal. We are defining the purview of personal data for each of these processing and documenting the various sources to draft a roadmap for the GDPR implementation.
- Providing visibility and transparency: One of the most relevant GDPR is the way a data controller collects and uses the personal. As a data controller, Trovit’s key role is to provide our clients and any other data subjects with the necessary information to effectively manage and protect their data. Trovit is exploring ways to make optimal services enhancements without compromising on performance so that we can provide better transparency to data subjects.
- Enhancing data integrity and security: We are streamlining the processes for our IT applications by implementing the corresponding policies and procedures that provide end-to-end security.
- Portability and transferability of data: GDPR gives data subjects the right to either receive all the data provided and processed by us or transfer it to another controller depending on technical feasibility. Trovit is working on further enhancing its data exporting capabilities to enable export even at the individual level.