GDPR (EU General Data Protection Regulation)

EvTrack and the General Data Protection Regulation (GDPR)

Europe’s General Data Protection Regulation (aka GDPR) is a new and far-reaching privacy regulation. We are committed to operating in accordance with the GDPR, and to giving you tools and resources to help you better understand and comply with the law on your own site/estate or business premises.

We value the privacy and security of our users’ data. We’ve always had privacy protection in place to help you control your visitors and access control system We’ve put a lot of time, thought, and effort into building tools and documentation to help our products comply with the new law.

The below FAQ provides more specific detail about the law and how we are implementing the GDPR’s principles.

General Questions

What is the GDPR?

The GDPR, among other things, requires companies and app developers to be transparent about how they collect, use and share personal data. It also gives individuals more access and more choice when it comes to how their own personal data is collected, used, and shared.

You can read the full text of the law here. We also found these resources helpful in understanding the principles and specific requirements of the law:

When does the GDPR take effect?

The law took effect on May 25, 2018.

Who does the GDPR apply to?

The GDPR is a European law that grants personal data rights to individuals in the European Union. However, its requirements apply to all sites and online businesses who collect, store, and process personal data about individuals in the EU.

How can I get in touch with you with a GDPR related request?

You may email us at legal@evtrack.com or by post to:

EvTrack (Pty) Ltd 64 Canterbury St Zonnebloem Cape Town Western Cape South Africa

Questions About Your Rights As A User of our Services

What rights does the GDPR give me?

The GDPR gives EU individuals rights to their personal data. There are some exceptions/exemptions to the rights granted by the GDPR, but in general it includes rights to:

  • request access to the data we store about you
  • request updates/changes to your personal data
  • request the deletion of your personal data
  • take your personal data to a new service
  • request we limit our collection and use of your personal data (e.g., opt out of being tracked by our first party analytics tool)

Although GDPR is a law that only applies within the European Union, we are offering tools to manage your personal data to all of our users.

Additionally, you can expect that we as a company will work to protect the privacy of your personal data, will only collect the data when we have a reason to do so, and will delete your personal data once we no longer have a need for it.

How do I request access to my personal data? How do I request changes to it?

If you’d like to know what personal data we have stored about you, please contact us with your request. If upon reviewing that data you need to request changes to it, please let us know and we will work with you to make the necessary corrections.

How do I delete my personal data?

Although we’d be very sad to see you go, please contact us with your request.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

How else are you protecting my privacy and my personal data?

User privacy is critically important to us at EvTrack. Our privacy principles align with many of the GDPR principles, and we built our products and services with those principles in mind.

  • Control of Your Content. We aim to give you as much control as possible over who can see your content.
    • EvTrack saves as little personal data as possible. Only mandatory fields are collected and stored as defined by the Data Controller/Administrators.
    • EvTrack encrypts all personal data
    • All data transmission communication is encrypted
    • All Data At Rest on EvTrack Kiosk is encrypted via RSA/AES
    • Explicit permissions are required to view PPI
    • All View Requests for PPI is logged (audit logs)
    • PPI is masked in event logging
    • PPI is not shared or shared with 3rd parties
    • Have data breach, right to forget and request for PPI procedures in place.
    • Reasonable steps are taking to sure that the application is updated and secured as per R3
    • Data Retention is customisable on a per-tenant basis
What is a Data Processing Agreement (or amendment) and do I need one?

DPAs are contractual tools for app developers and companies to make commitments to their customers, vendors, and partners that their data handling complies with the law. Please email legal@evtrack.com for a copy.

Data Collection Questions

What data do you collect about me?

We have always tried to collect the minimal amount of data that’s necessary. EvTrack saves as little personal data as possible. Only mandatory fields are collected and stored as defined by the Data Controller/Administrators.

For a more detailed description of the data we collect, please refer to our respective policy pages at https://docs.evtrack.com/privacy-and-security/privacy-policy.

Does EvTrack sell or give away my personal data? What about the personal data of my visitors?

We do not sell private personal information.

We will share information about you, or your visitors or users, in limited circumstances, and with appropriate privacy safeguards. You can read more details of when we share your information, and what we share, in our privacy policies. You can find similar information about the data we collect on visitors in our privacy notice.