Commitment to data protection

The General Data Protection Regulation (GDPR) is a European law designed to protect the personal data of EU citizens that came into force on May 25, 2018. Under the GDPR, companies that collect, hold, use or otherwise process the personal data of EU citizens (regardless of the location of the company) are required to implement certain data protection and security measures for that data. GroupLotse has implemented a comprehensive GDPR compliance program and is committed to working with its customers and suppliers on GDPR compliance measures. Some key steps GroupLotse has taken to align its processes with GDPR include:

• Revision of our policies and contracts with our partners, suppliers and users
• Improving our security practices and procedures
• Accurate verification and attribution of the data we collect, use and pass on
• Creation of a more comprehensive internal data protection and security documentation
• Educate staff on GDPR requirements and best practices to ensure data protection and security/privacy in general. Below are more details on the key areas of GroupLotse's GDPR compliance program and how customers can use GroupLotse to support their own GDPR initiatives.

According to the GDPR, “controllers” (ie bodies that determine the purpose and manner of data processing) are obliged to enter into agreements with other bodies that process data on their behalf (so-called “processors”). GroupLotse offers its customers, who are responsible for the processing of personal data from the EU, the possibility to enter into a comprehensive data processing agreement, under which GroupLotse undertakes to process personal data in compliance with the provisions of the GDPR.

Under certain circumstances, the GDPR grants the individual data subject the right, among other things, to obtain information about their data, to delete it and to make corrections. GroupLotse strives to process data subject requests in accordance with the GDPR, as outlined in our Data protection described in more detail.

At its core, the provisions of the GDPR are about transparency, fairness and accountability. Accordingly, the law requires companies to maintain documentation about their privacy practices and their decisions about how to handle individuals' personal information. GroupLotse shares the GDPR's commitment to these principles and GroupLotse has incorporated into its ongoing GDPR compliance program the documentation on data collection and processing and the various policies and guidelines that GroupLotse follows in compliance with the GDPR. For more information about how GroupLotse collects, uses, and discloses personal information, please see the Data protection from GroupLotse.

The GDPR obliges companies to take appropriate technical and organizational measures to protect the security, confidentiality and integrity of personal data. Safety is the top priority for GroupLotse. We have taken a number of safeguards to protect our platform, including encrypting web connections to protect data transmissions, replicating our databases to help ensure platform reliability, and controlling access to our facilities and office network.

The requirements of the GDPR are extensive, but the legal and regulatory requirements will evolve. As data protection authorities in Europe interpret the requirements of the GDPR and issue guidance, we will continue to monitor these developments closely and review our program for changes and improvements as necessary. We value communication with our customers. If you have any questions about our GDPR compliance efforts, or if you are a controller's customer and have questions about how we can assist you with your own GDPR compliance efforts, please contact us at privacy@grouplotse.com..