General Data Protection regulations has come into force from 25 May 2018 and applies to all businesses doing business in or with a person in the EU.
The GDPR regulation can be reduced to the following most important points. For each point, we explain how we handle its compliance.
All employees at LimeProxies working on infrastructure management are fully aware of the GDPR requirements.
Additionally, regular audits and updates are performed on service components that store sensitive and personal user data such as but not limited to the client area, payment systems, etc.
LimeProxies does not resell, any kind of user data. Our business model is solely based on paid services (ie. the user is not the product).
LimeProxies customers rights regarding to GDPR are considered and enforced, including:
Right to be informed:
We clearly inform our users about the use that will be made of their data
Right of access:
Our users can access all their data, without restriction as long as the subscription is active after which the data shall be permanently removed and erased from our systems
Right of rectification:
It’s as simple as sending us an email, we’ll process all your rectification queries
Right of erasure:
It’s as simple as sending us an email we’ll process all your erasure queries
Right to data portability:
Our users may contact us anytime if they wish to get an export of their data
Right to object:
We handle all requests on this matter from our users and users’ end-users
Right not to be subject to automated decision-making including profiling:
We don’t do that (and never will)
SUBJECT ACCESS REQUESTS
LimeProxies replies to all access requests (positively or negatively) under 1 month (the legal limit from GDPR).
Consent is provided by our users explicitly when proceeding an action or task (eg. when they provide user data).
Our team closely monitors any unauthorized system access and has put in place multiple preventive measures to reduce the attack surface on our systems and services. In case of a highly unlikely even where customer data has been breached, we shall notify the user in less than 72 hours time.
We take our obligation under GDPR very seriously and while the regulations are a challenge to implement, we believe they are a change for the better and fully support them.