The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018. The GDPR applies across the European Union (EU) and aims to give individuals more rights, control and understanding of how their personal data is stored and processed.
For the purposes of GDPR and the Zutec software platform, Zutec is a data processor. Zutec meets and will continue to meet any requirements placed on data processors defined under GDPR. Personal data may be processed by the Zutec software platform on behalf of participating organisations. Participating organisations (whether customers, clients, partner organisations or any other relationship paying or non-paying) that use Zutec's services act as data controllers.
Therefore, whenever a Zutec services user contacts Zutec to exercise rights under GDPR such as access, portability, rectification or erasure, Zutec will:
1) Inform the relevant data controller of the user's request.
2) Inform the enquiring user that it must be the relevant party of the data controller who makes the request to Zutec.
3) Comply with the instructions from the relevant data controller when Zutec receives it (unless there is a legal compliance reason that Zutec is required to retain the information).