General Data Protection Regulation
Pivotchain GDPR Compliance Statement
Pivotchain’s GDPR Compliance Statement provides information regarding the impact of the GDPR on Pivotchain and our customers, the steps taken by Pivotchain to ensure our compliance with the GDPR, and the ways in which we can assist and support our accounts and users (as data controllers) with their respective obligations under the GDPR.
OVERVIEW OF GDPR
The GDPR is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive. The GDPR has had a significant impact for all organizations doing business in the EU, as well as organizations outside the EU who offer products or services to individuals in the EU.
COMPLIANCE WITH CUSTOMER INSTRUCTIONS
As a data processor, Pivotchain is committed to processing personal data only as instructed by applicable accounts and users. We have updated our internal policies to ensure that all Pivotchain colleagues who have access to personal data shall only process such personal data on behalf of and in accordance with the documented instructions of the relevant accounts and users. In addition, we have developed a standard Legal_Pivotchain Processor_Data Protection Addendum_518 for use with our accounts that complies with GDPR requirements.
Pivotchain only collects and processes the minimum personal data necessary to provide the relevant services on behalf of our users. In addition, we don’t collect or process sensitive data.
Pivotchain has updated its IT systems and internal policies to assist with our obligation to respond to requests by data subjects to exercise their rights under the GDPR.
Pivotchain has implemented and maintains appropriate technical and organizational measures to ensure the processing of personal data meets the requirements of the GDPR, including technical and organizational measures to protect the security, confidentiality, availability and integrity of personal data (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data). Such technical and organizational measures may include (as appropriate based on the risk to data subjects): (a) the pseudonymisation and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal data.
Pivotchain treats all personal data processed on behalf of our users as confidential information and ensures that all Pivotchain colleagues, agents and contractors engaged in the processing of personal data are informed of the confidential nature of such personal data. Pivotchain ensures that (a) access to personal data is limited to those performing services in accordance with the relevant account and user agreement; and (b) all such colleagues, agents and contractors are committed to confidentiality (or are under an appropriate statutory obligation of confidentiality) and receive appropriate training on their responsibilities.
Pivotchain will assist our accounts and users in ensuring compliance with their respective security obligations under the GDPR.
RESPONDING TO PERSONAL DATA BREACHES
Pivotchain has updated its policies as necessary to ensure that it provides notice to accounts and users of a personal data breach without undue delay following the discovery of such personal data breach. Pivotchain shall also reasonably assist and cooperate as instructed by accounts and users with any internal investigation or external investigation by third parties, such as law enforcement.
Please contact Pivotchain’s Data Protection Team with any questions or concerns.
Email: [email protected]
Address: Cerebrum B1 Build” 2nd Floor, Kumar Cerebrum IT Park, EFC Business Center,
Office No: 213, Kalyaninagar, Pune MH 411014 IN