T A N G I S H

GENERAL DATA PROTECTION REGULATION

Last updated date: 01 Nov 2019

On May 25, 2018, The General Data Protection Regulation (GDPR), which ensures the strengthening of the data protection rights for all individuals in the European Union (EU), came to effect. This regulation not only governs the companies embodied within the European Union (EU) but also extends the EU’s data protection to cover all foreign (non-EU) companies processing data of EU residents’. Its sole purpose is to empower and fortify the privacy rights of the EU residents, giving citizens the absolute right and access to their personal data. The information about how the data is being acquired, processed, and its intended use is also to be made available to the EU residents on request which in turn reinforces the data privacy rights of the EU residents’. Tangish’s Commitment to Data Protection and GDPR Compliance: We, at Tangish firmly believe in an open communication channel between us and the companies/users that we provide services to. We also are equally dedicated to the preservation of the privacy and the integrity of the data of all the users that we service. To ensure this, we audit our process by conducting assessments on a termly basis making us GDPR complaint. The assessments are carried out by carefully examining the relevant stipulations stated by the GDPR and creating procedures to comply with the applicable Tangish processes. These steps, as well as ongoing efforts, help us in developing tools and procedures that ensure continuing GDPR compliance for all customers and users of Tangish products and services.

GDPR Overview
Adopted on 14 April 2016, after a two-year transition period, becoming enforceable on 25 May 2018, The GDPR (Regulation (EU) 2016/679) replacing the previous directive (Data Protection Directive 95/46/EC). Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable. It also extends jurisdiction and unifies regulations to cover all processing of personal data of EU residents, regardless of a company’s location. A processor of personal data must clearly disclose any data collection, declare the lawful basis and purpose for data processing, how long data is being retained, and if it is being shared with any third-parties or outside of the EU.

KEY OUTCOME
Scope Regulations apply to all companies processing personal data of EU residents, regardless of company location.
Consent Companies must clearly communicate that they are collecting personal data and how it is meant to be used. Also ensuring that the customer is informed that they are giving consent.
Breach Companies are mandated to notify impacted customers and relevant parties within 72 hours of first becoming aware of a data breach likely to “result in a risk for the rights and freedoms of individuals."
Right to access Availability of information. Consumers have the right to request information on whether or not their data is being processed, where and for what purpose and data controllers must comply in responding.
Deletion Availability of information. Consumers have the right to request information on whether or not their data is being processed, where and for what purpose and data controllers must comply in responding.
Deletion Companies must comply when consumers ask that their personal data no longer be processed or distributed, or that it be erased completely.
Data portability Consumers have the ability to transfer the personal data that they have requested to another Company
Privacy by design Companies must implement the appropriate technical and procedural measures to ensure data protection from the start of any new endeavour of major change
Data protection officers Public authorities, and businesses whose core activities centre around regular or systematic processing of personal data, are required to employ a data protection officer(DPO), who is responsible for managing compliance with the GDPR

Users have the right to request a portable copy of the data collected by a processor in a common format, and the right to have their data erased under certain circumstances.
Key Updates With passage of the GDPR (EU) 2016/679, new rules and guidelines were established and communicated. Per the EU GDPR portal, the following changes go into effect with the enforcement of the GDPR.
IMPLICATIONS FOR OUR CUSTOMERS AND PANEL PARTICIPANTS Here at Tangish, we understand that trust is the cornerstone of any authentic customer relationship. Since the platform is created to aid collaboration and communication between teams and members of an organisation, which primarily involves personal messaging, file sharing and company sensitive data, security and data protection inevitably become the profound pillars for the platform. Any breach of data on the platform will result in a grave impact to both, our customers and our business. For this reason, the GDPR aligns directly with our goals and ideologies: that we have to respect the privacy and ensure the security of data of all customers, organisations and associated parties who have made the choice to do business with us.
Information regarding data processing
As a platform, Tangish takes personal information in the form of an email ID, from the user at the time of onboarding on the platform and based on the users discretion, the rest of the information may be provided later. Users input the information onto the platform in the form of tasks, sales lead, messages, files etc. and share them with their associates or other users on or away from the platform. The sharing enables the other users to be privy to the information which include messages, files and other information shared by the sender to the receiver. Email Id The resulting profile created, gives the user the privilege to store and process the following information: Information (E.g. Name, DOB, Phone number). id of the users content has to be shared with or has been shared with. Messages shared on the platform (To and from the user). File sharing on the platform (to and from the user).
Business critical information.
While this additional processing is facilitated by the platform, it is completely controlled by the customer. This information is processed by the system and used in the following manner. Sharing of information between mentioned parties as per the user. Checking the user activity status and performance on the platform. Sharing user information (Demographics and real time traffic) with third party software's as stated in the integrations page of the website, for analytics. Towards these outcomes, Tangish engages in the usage of products and services of other vendors. As a step in ensuring GDPR compliance, Tangish has reviewed and continues to assess vendors for compliance assurances. All the vendors that Tangish takes any amount of service are mentioned in the integrations page explicitly. Support for our customers: For support on how to access, inspect, update and remove personal information, customers can email gdpr@Tangish.com. To contact the Tangish’s Data Protection Officer, responsible for compliance and enforcement of our privacy policy and matters pertaining to GDPR, customers can email dpo@Tangish.com

KEY Links to terms of use
Terms & conditions https://www.tangish.com/terms-and-conditions.html
Privacy policy https://www.tangish.com/privacy-policy.html

RESOURCES
GDPR Resources
The EU GDPR Portal UK Information Commission Guide to the General Protection Regulation (GDPR)

Start Planing Today

Sign up and become a champion of the revolution
happening around the world by using Tangish to get more done.