Joomag’s GDPR Commitment

Updated as of Apr 20, 2020

Since our inception, Joomag’s approach has been anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which replaced the EU Data Protection Directive (also known as “Directive 95/46/EC“) and became enforceable on May 25, 2018.

If a company collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. To further earn our customers’ trust, our DPA has been updated to provide our customers with contractual commitments regarding our compliance with applicable EU data protection law and to implement additional contractual provisions required by the GDPR. Our contractual commitments guarantee that customers can:

  • Respond to requests from data subjects to correct, amend or delete personal data.
  • Be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.
  • Demonstrate their compliance with the GDPR as pertaining to Joomag’s Services.

What is GDPR?

The General Data Protection Regulation (“GDPR”) is the European privacy regulation which replaced the EU Data Protection Directive (“Directive 95/46/EC”). The GDPR addresses the processing of personal data and the free movement of such data. It aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. Broadly, it sets out a number of data protection principles and requirements which must be adhered to when personal data is processed.

The GDPR also established the European Data Protection Board (“EPDB”), which ensures that the data protection law is applied consistently across the EU and works to ensure effective cooperation amongst data protection authorities.

How does the GDPR apply to customers?

Joomag customers that collect and store personal data are considered data controllers under the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law, including the GDPR and uniquely determine what personal data is submitted to, and processed by, Joomag in accordance with the Services.

What implications does GDPR have for organizations processing the personal data of EU citizens?

One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.