GDPR
The General Data Protection Regulation (GDPR) is the new legal framework of data protection law across the EU, that came into force on 25th May 2018. Contrary to Directive 95/46/EC, which governed this processing prior to this point, the GDPR has direct effect within the Union and does not need to be transposed at national level. In this way, it will aim to harmonise laws governing the processing of personal data across Europe. Even better, the GDPR enshrines a principle of extraterritoriality, which means that, in certain circumstances, the scope of its application can be extended beyond the frontiers of Europe. If you are an organisation that processes personal data, you are highly likely to be governed by the provisions of the GDPR. In this regard, you are subject to obligations and must abide by them. The same is true of TSG Ltd. which is bound by different obligations, in its capacity as a processor and as a data controller.
Definitions
Personal data: any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be directly or indirectly identified. Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collecting, recording, transmission, storage, conservation, extracting, consultation, use, disclosure by transmission and so on. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
TSG Ltd. as a processor
TSG Ltd. is classed as a "processor" when it processes personal data on behalf of a data controller. This will typically be the case when you use the services of TSG Ltd. and you store personal data on an TSG Ltd. infrastructure. Within the limit of its technical restrictions, TSG Ltd. may process any data stored solely in accordance with your instructions, and on your behalf.
As a processor, TSG Ltd. commits to:
Processing personal data solely for the purposes of carrying out the services correctly: TSG Ltd. will never process your information for any other purposes (marketing, etc.).
Keeping your data inside the EU and only in countries recognised by the European Union as offering a sufficient degree of protection.
Informing you if we have enlisted a subcontractor to process your personal data: to date, no services involving any access to data you have stored as part of the service have been subcontracted outside the TSG Ltd. Entity.
Applying strict security standards to provide a high level of security for our customers.
Reporting any data breach to you without "undue delay".
Helping you meet your regulatory obligations, by providing you with comprehensive information on our services.
These commitments are solidified in our TSG Ltd. General Terms and Conditions of Service. For this reason, without any specific conditions, they can be opposed by any TSG Ltd. customer as a processor.
TSG Ltd. as a data controller
TSG Ltd. is classed as a "data controller" when we determine the purpose and method of "our" personal data processing.
This is typically the case when TSG Ltd. collects data for billing, managing accounts receivable, improving the quality of services and performance, sales prospecting, commercial management, etc. But it is also the case when TSG Ltd. collects personal data on its own employees.
In this scenario, 'your' data - the data that you store on TSG's services - is not affected. On the other hand, certain information concerning you or concerning your employees (the identity and contact details of your contact person at TSG Ltd. as part of a request for technical assistance, for example) may be. This is why TSG Ltd. is keen to explain the guarantees put in place to ensure that this personal data is protected. TSG Ltd. commits to:
Limiting data collection to what is strictly necessary: as part of these efforts, when you order a service, you only enter the details needed for TSG Ltd. to provide invoicing and support services, and to fulfil our own legal obligations concerning data retention
Not using gathered data for any purposes other than those for which it was collected.
Conserving personal data for a limited and proportionate time.
Not transferring this data to third parties other than companies associated with TSG Ltd. and acting as part of the performance of the contract.
Implementing appropriate technical and organisational measures to ensure a high degree of security.