Compliant with GDPR

What is GDPR? 

GDPR is a new regulation by the European Union that comes into effect on 25 May 2018. It provides strong control for data privacy and enables end-users to take charge of their own personal data. 

How or why does it apply to you as a Centipark Online Store customer? 

While GDPR is an EU regulation, it is applicable to business entities worldwide, that collects personal information for any user who may be EU resident. As a Centipark Online Store customer, evaluate if GDPR is applicable to you or your entity. 

What role does Centipark Limited play in this as a vendor of Online Store Service? 

As per GDPR, if your business provides a product or service to EU residents and determines how and why to collect, track and monitor their data, you’re considered a data controller. As a Centipark Online Store customer, if you perform the activities on, Centipark Limited are considered as a data controller be consent by you to collect and use your data.

Businesses that process data on behalf of controllers are considered data processors. As a provider of web-based Retail Service, Centipark Limited plays the role of a data processor. Here are some more details about GDPR and our Business. 

How does Centipark enable service to be compliant with GDPR?

Centipark Online Store has built in the following tools and processes that will be in GDPR compliance to support any processes that go beyond the product or service to be fully compliant with the regulation

Right to Forget
GDPR requires data controllers to support a Right-to-Forget functionality for their users. This means that any user has the right to request the data controller / 
Processor to permanently delete any Personal data stored for that user. If you provide such a request and further evaluate that it is a valid request, this functionality is now provided by Centipark Online Store through "Forget Private Info" feature in User UI. This feature allows the admin to initiate a permanent delete of any data related to a specific individual, upon the individual's request at which point Data Controller / Processor will instantly hard delete the data from its database and a purge of the backup logs will also follow automatically. 

Right to Access
GDPR allows the end-user the right to request data that a controller may have stored for that end-user. To support this request, Data Controller allows the admin to self-generate Learner Transcript which can be shared with the user. Privacy by Design, Data Encryption: We process data both in transit and at rest using best-in-class encryption standards to ensure data security. Encryption algorithms used are SHA-256. This ensures that any data that you store is adequately protected so that it does not fall into the wrong hands. Centipark's architecture is designed from the ground up keeping Privacy and Security in mind.