The General Data Protection Regulation (“GDPR”) takes effect on May 25, 2018, we at Kidoz Ltd. (“Kidoz” or “Company”) are fully committed to comply with GDPR, thus, for months we have designated an internal team, which are accompanied by the our legal consultants and other professional and expert consultants, for the sole purpose of ensuring all required actions are taken in order to achieve GDPR compliance.
Company only processes personal data to the extent necessary to provide the Kidoz services and in accordance with applicable privacy laws including the GDPR. Company has ensured there is an applicable lawful basis for any and all processing of EEA users’ Personal Data and the lawful basis is documented. Further, Kidoz, in its role as our partners’ processor has ensured applicable Data Processing Agreements were signed and that Kidoz implemented appropriate security measures (as detailed below) to protect the data processed by it.
Company has trained its personnel and employees to educate them with regards to the GDPR, Company’s data practices and the importance of security.
Technological Organizational and Security Standards
The Company has completed an in-depth audit the process of mapping out all of its data sets and its technical and organizational security measures, all as stipulated in our security policy- for more information please see: www.kidoz.net/security
Our tech and security teams are currently hard at work making necessary changes to the facilities.
Company has ensured all documents, including without limitations, agreements, privacy policies online terms, etc. are compliant with the GDPR. Our Legal team is busy ensuring our legal documentation is updated to reflect any changes and to include the mandatory Processor provisions required by Article 28 of the GDPR.
Data Protection Officer
Company has appointed a DPO in order to ensure ongoing compliance with the GDPR which can be contacted at: firstname.lastname@example.org.
In accordance with GDPR, data subjects may exercise the right to access, rectification, restrict processing, erasure, data portability, the right to complain to a supervisory authority and the right to not be subject to automated processing. In order to exercise any of the above rights we have appointed a DPO which you may contact at: email@example.com and have internal process of ensuring that end users are able to manage their communication preferences in a way that puts control in the data subject’s hands.
Transparency to Regulators
Company maintains accurate and accessible written records to the extent legally required to provide authorities, all in a timely manner.
Company has implemented a process, in the event of a data breach and will provide the data controllers, the regulators and the end users with an immediacy of notification to the extent required under applicable law.