9 september 2023
What is GDPR?
GDPR (General Data Protection Regulation) is a European data protection law that gives people more control over their personal data. It requires organizations to be transparent about data use, get consent for processing, report breaches, and allow data access and deletion.
When does it affect me?
If your company operates within the European Union (EU) or handles personal data of EU individuals, the General Data Protection Regulation (GDPR) applies to your business.
Is Tapify GDPR compliant?
Tapify is based in Netherlands (EU) and complies with the GDPR regulations.
The measures we take to comply:
Data control: Users maintain complete authority over the information you collect, store, and manage using Tapify.
Data security: To improve the security and quality of the service, our hosting supplier Cyso holds various certifications. ISO 27001, NEN 7510 and ISO 20000. An information security policy is in force for this and they have taken a large number of procedural and technical measures to protect personal information. Our web servers are located in the Global Switch datacenter and the backups in Equinix are both located in the Netherlands.
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact us section of this page.
Your GDPR data protection rights
Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
Right to be Informed: You have the right to be informed with how your data is collected, processed, shared and stored.
Right of Access: You may request a copy of the personal information that we hold about you at any time by submitting a Data Subject Access Request (DSAR). The statutory deadline for fulfilling a DSAR request is 30 calendar days from our receipt of your request.
Right to Rectification: If personal data is inaccurate, out of date, or incomplete, individuals have the right to correct, update or complete that data. Collectively this is referred to as the right to rectification. Rectification may involve filling the gaps i.e. to have to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve adding a supplementary statement to the incomplete data to highlight any inaccuracy or claim thereof.
This right only applies to an individual’s own personal data; a person cannot seek the rectification of another person’s information.
Deletion (Right to Erasure): You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within 30 days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
Please use the following contact information for privacy inquiries:
Het Bassin 23B, 7671ST Vriezenveen, The Netherlands