The General Data Protection Regulation (GDPR) is a regulation in European law that was adopted on April 14 2016, but only became enforceable on May 25, 2018 after a two year transition period. This law regulates data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR governs how companies can collect, store, delete, modify and otherwise process personal data about individuals. The individual’s personal data needs to be processed fairly, lawfully, and transparently as they own the legal rights in respect of their personal data.
The GDPR applies to all entities and individuals which process personal data as part of their activities, or the activities of one of their branches, established in the EU, regardless of where the data is processed. The law also applies to any company established outside of the EU offering goods/services or monitoring the behaviour of individuals within the EU.
The GDPR applies to all Kuasa customers, including individuals (whether located inside or outside the EU), who collect and process personal data and information from any persons within the EU, using our products and services.
In GDPR nomenclature, Kuasa acts both as a Data Controller and Data Processor.
Kuasa acts as a data processor when our customers use Kuasa Products and Services to process EU personal data. For example, if any third party’s personal information gets uploaded and processed by a Kuasa customer on a Kuasa server. In this role, we comply with both our customers’ instructions and the new legal obligations that apply directly to data processors under the GDPR.
Kuasa acts as a data controller for the EU personal information that we directly collect as a requirement of delivering our products and services and to provide prompt customer support. An example of the personal data for which we are responsible as a data controller would be the collection of our customer’s names and contact information.
We initiated a detailed and thorough analysis of our operations and processes to identify areas where GDPR compliance is necessitated. We have reviewed our products and services and revised our customer policies to ensure GDPR compliance.
Customers who handle personal data of EU residents are required to comply with the security and privacy requirements introduced under the GDPR. Kuasa’s DPA outlines the privacy and security measures that we have in place. We are both committed to our own GDPR compliance and also ensuring our customers compliance with the GDPR while using our services.
Customers have the ability to remove all information they have uploaded to our products (such as database). Similarly, they may delete their account and request that all their personal data we have collected or stored be deleted. This deletion will also delete all customer data from our subprocessors. Please log into your account at Kuasa.io for further instructions. Remember that once the account has been deleted, Kuasa will permanently delete all data except emails to prevent abuse of our free trial from customers re-registering. Please note, both the sales record and customer email addresses will not be used by any means except for Kuasa’s internal usage for these purposes.