The General Data Protection Regulations (GDPR) came into effect on May 25th, 2018 and applies to all EU citizens but must be upheld by all organizations worldwide.
The aim of GDPR is to provide protection to individuals for their personal information to ensure it is held and processed lawfully.
Personal data is defined as any information relating to an identified or identifiable natural person (a natural person who can be identified directly or indirectly). The data applies to both automated data and manual filing systems.
Cited, Inc., 2711 Centerville Road, Wilmington, Delaware respects and is committed to protecting the privacy of all its clients. We can be contacted at this address or by email: firstname.lastname@example.org or via telephone at 1 302 384 9810. If you disagree or are unhappy with the way we handle your personal data and we are unable to resolve your issue, you have the right to file a complaint with the Information Commissioner’s Office (ICO).
Cited, Inc. will apply the following principles when collecting data:
1. We will only collect data and use this information where we have lawful and legitimate business reasons to do so
2. We will be transparent and tell you how we will use your information
3. If we have collected your information for a particular purpose, we will not use it for anything else unless you have been informed and, where relevant, your permission obtained
4. We will update our records when you inform us that your details have changed and erase or rectify any inaccurate data
5. We will implement and adhere to retention policies relating to personal data
The personal data that Cited, Inc. holds for its clients is: Name, address, telephone number, email address, IP address and bank or credit card details. This information is needed to enable employees of Cited, Inc. to provide a service to its clients and make charges for these services.
Lawful basis for processing data will be to fulfill our contractual obligation to our clients.
Where we use a third party to process payment information on our behalf, we will only pass the information that is necessary for this purpose. The information will be transferred, processed and stored in a secure manner and only with companies that are compliant with General Data Protection Regulations (“GDPR”)
Where a third party is used for licensing purposes, we will only pass information that is necessary for this purpose (usually first name and second name). The information will be transferred, processed and stored in a secure way and we will ensure the supplier has the appropriate security measures in place.
Cited, Inc. will only use the data for the purpose for which it has been provided, i.e. the contract of service – if Cited, Inc. wish to use the data in any other way, we will seek consent from you and this consent may be withdrawn by you at any time.
In accordance with the GDPR regulations, clients are able to have access to all their own personal data. This request must be put in writing and we will respond to requests within one month in the majority of cases. The client can request that any inaccurate personal data is corrected and that incomplete data is completed.
Retention of Data
Cited, Inc. will ensure that data is kept in accordance with its data retention policy which can be made available on request. Once the retention period has expired, Cited, Inc. will only retain information if there is a compelling reason to do so, otherwise the data will be erased.
In accordance with GDPR, we will notify the ICO without undue delay but in any event within 72 hours of becoming aware of the breach, where a breach is likely to result in risk to an individual’s rights and freedoms. We will contact you in the case of a data breach – which is defined as a security incident that has affected confidentiality, integrity or availability of personal data.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- To process transactions
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
- To send periodic emails
The email address you provide for order processing, will only be used to send you information and updates pertaining to your order. Emails may also be sent to notify you of technical issue or service updates.
How do we protect your information?
We apply all industry standard security measures to protect your personal information. These measures include data encryption, protected access to client personal information from within our facilites, encrypted (SSL) transfer of sensitive data and data entry forms. All supplied payment information is transmitted via Secure Socket SSL and encrypted directly into our payment gateway providers database (Authorize.net and PayPal). We do not store credit card information on our servers. Our data centres (where are physical servers are located) are SSAE16 Compliant and conform to all US, UK, and EU data privacy and protection requirements and standards.
Yes (Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in processing payments (i.e. our payment gateway providers) and domain registration. We may also release your information when we believe release is appropriate to comply with the law.
Last updated 02/01/2020