What is GDPR?
The General Data Protection Regulation (GDPR) is effective from 25th May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislation accordingly. Nihongo No Kai welcomes the GDPR legislation, which better protects you, the consumer, and governs how we handle your data.
The following are key aspects of the GDPR, and how they relate to Nihongo No Kai.
There are 4 aspects to the GDPR that Nihongo No Kai has considered as part of our GDPR compliance:
1) The right to data portability:
Individuals have the right to a copy of all the personal data that controllers hold about them. It must also be provided in a way that facilitates reuse. At any time, Nihongo No Kai is willing and able to provide our customers with the data that we hold and the data we receive from our partners.
2) The right to be forgotten:
This gives individuals the right to have certain personal data deleted so third parties can no longer trace them. Data is not stored on any individual in any systems that belong to Nihongo No Kai.
3) Privacy by Design:
This helps to facilitate the inclusion of policies, guidelines, and work instructions related to data protection in the earliest stages of projects involving personal data. This aspect does not apply to Nihongo No Kai.
4) Data Breach Notifications:
Controllers must report personal data breaches to the relevant supervisory authority within 72 hours. If there is a high risk to the rights and freedoms of data subjects, they must also notify the data subjects. Nihongo No Kai has an escalation process in place to ensure the security of user data. Information about whether or not user data has been part of a breach is available upon request.
GDPR Compliance for Nihongo No Kai
We do not process personal data on behalf of the Customer and we don’t have access to any personal data in our customers’ systems (Customer Personal Data). Moreover, Nihongo No Kai is not able to monitor the processing of Customer Personal Data in our customers’ systems.
What personal data do we collect/store?
At Nihongo No Kai we collect two types of data on our users: passive and active. Passive collection is the data that is collected when users use our website or app, whether on their mobile or the web. This data is collected using Google Analytics and it contains the following information:
This data does not contain any directly identifying markers such as name, email or similar. Our active data collection currently consists of saving points, name and email address. Signing up for Push Notifications in the iOS app links a ‘token’ from your device to your account, which is updated periodically. We cannot link the token to a device, only the token to your account.
How does Nihongo No Kai Address GDPR?
Data Access Control
The controller shall implement appropriate technical and organisational measures for ensuring that by default, only personal data which are necessary for each specific purpose of the processing are processed.
Monitoring of Access Activities
Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibilities.
Organisations must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.
Strong Compliance Framework
Appropriate technical and organisational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services”.
Any GDPR-related questions and any data subject requests can be addressed to Nihongo No Kai’s Data Protection Officer at hello [at] nihongo.life.