vFairs GDPR Compliance Statement

Introduction

The EU General Data Protection Regulation (“GDPR”) came into force on 25 May 2018.

The GDPR is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive. The GDPR has had a significant impact for all organizations doing business in the EU, as well as organizations outside the EU who offer products or services to individuals in the EU.

Our Commitment

vFairs’s GDPR Compliance Statement provides information regarding the impact of the GDPR on vFairs and our customers, the steps taken by vFairs to ensure our compliance with the GDPR, and the ways in which we can assist and support our users and customers (as data controllers) with their respective obligations under the GDPR. Our practice is summarised below.

How We Prepared for GDPR

vFairs already have a consistent level of data protection and security across our organisation, but we have introduced new measures in response to GDPR.

Policies and Procedures — we have revised data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws.

Lawful Processing

We have included information about both the purposes of the processing and the lawful basis for the processing in our Privacy Policy in accordance with the transparency principles of GDPR.

Customer Data Processing Addendum

We have revised our Data Processing Addendum to comply with requirements of Article 28 of the GDPR.Data Protection – Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities, with a dedicated focus on privacy and the rights of individuals.

Data Retention and Erasure – we have updated our retention policy and schedule to ensure that we meet the “data minimisation” and “storage limitation” principles and that personal data is stored, archived and destroyed in accordance with our obligations. We have procedures in place to meet the “Right to Erasure” obligation.

Data Breaches – our procedures ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach. Our procedures have been explained to all employees.

International Data Transfers and Third-Party Disclosures – where vFairs stores or transfers personal data outside the EU, we have robust procedures in place to secure the integrity of the data.

Data Subject Access Request (DSAR) – we have revised our procedures to accommodate DSARs within the required timeframe for providing the requested information and for making this provision free of charge. Data subject requests are facilitated through DSAR Form.

Privacy Policy – we have revised our Privacy Policy in accordance with the transparency principles of GDPR.

Obtaining Consent – we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information

Direct Marketing – we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.

Third Party Processor Agreements – where we use any third-party to process personal data on our behalf, we have drafted compliant Processor Agreements and maintain due diligence procedures for ensuring that they meet and understand their/our GDPR obligations.

Information Security and Technical and Organisational Measures

vFairs takes the privacy and security of individuals and their personal data very seriously and takes reasonable measures to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal data from unauthorised access, alteration, disclosure or destruction.

GDPR Roles and Employees

vFairs have designated a Data Protection Officer and maintains a data privacy team for complying with the data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR compliance, identifying any gap areas and implementing relevant policies, procedures and measures.

vFairs understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our implementation plans.

EU GDPR Representative

vFairs have appointed below GDPR representative in Europe to maintain effective liaison with EU Data Protection authorities:

Osano International Compliance Services Limited

ATTN: 4UKF
25/28 North Wall Quay
Dublin 1, D01 H104
IRELAND

If you have any questions about our GDPR compliance policies, please contact vFairs Data Protection Officer at privacy@vfairs.com.