We’re committed to partnering with eFolio Accounts customers and users to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades, and will go into effect on May 25, 2018.
Besides strengthening and standardizing user data privacy across the EU nations, the GDPR will impose new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations themselves are located.
To ensure we meet GDPR compliance requirements we have reviewed all our functionality including data related policies and procedures and have addressed the topics below as described.
Key decision makers and people within eFolio Accounts are aware that the law is changing with respect to GDPR and have ensured the relevant areas of our business model are fully compliant.
Information we hold
We have documented the personal data that we hold, where it came from and who we share it with. We have also documented our data protection principles to help ensure that we have effective policies and procedures in place.
We continually review contracts with all third parties we engage, for example payment processing organisations, to confirm their GDPR compliance.
Communicating privacy information
We have ensured that our policies and procedures have been updated to protect the rights of individuals as required by the GDPR. These rights include:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
Subject access requests
eFolio Accounts users may request a copy of the information that we hold about them. We will not charge for complying with these requests.
- Is freely given; and
- Specific; and
- Informed; and
- Unambiguous; and
- Via a positive opt-in
Lawful basis for processing personal data
As a consenting user of eFolio Accounts software, we have a lawful basis for processing your personal data. This does not infringe on your individual rights as listed above.
eFolio Accounts does not offer online services to children.
Protecting our customers’ information is extremely important to us. As a cloud-based company, we’ve set high standards for security and we have invested in building robust security measures. In accordance with GDPR requirements around security incident notifications, eFolio Accounts will continue to meet its obligations.
We regularly review and update our procedures to ensure we have a compliant and clear approach in place to detect, investigate and report a personal data breach.
Data Protection by Design and Data Protection Impact Assessments
eFolio Accounts has always adopted a privacy by design approach. In addition, we continually perform Data Protection Impact Assessments for situations that warrant it.
If you’d like to learn more about our security policies and procedures, please see our security page, which provides detailed information on how we approach security.
Data Protection Officer
Data protection is at the forefront of all all eFolio Accounts employees when handling user data. We also ensure that there is a Data Protection Officer, who has the knowledge, support and authority to carry out this role.
eFolio Accounts operates in more than one EU member state. As Ireland is our main establishment, we have determined that our lead data protection supervisory authority is the Data Protection Commissioner’s Office.
Fulfilling our privacy and data security commitments is important to us. This page will be revised to reflect GDPR-related information as it becomes available. If you have any questions about how eFolio Accounts can help you with compliance, please get in touch at any time.