The European Union (EU) has enforced a new data protection policy called the General Data Protection Regulation (GDPR). The new regulation has been in effect as of May 25, 2018. The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found here: https://www.eugdpr.org/. PeopleGoal is compliant with the GDPR directive as of May 2018.
The GDPR applies to all organizations within the European Union (EU) and any organization located outside of the EU in the case that they offer goods and services or monitor the behaviour of EU persons. Specifically, it applies to all companies processing and holding personal data of persons ("data subjects") residing in the EU.
We have evaluated our readiness towards the GDPR and made the necessary enhancements to our processes to ensure full compliance.
Specifically PeopleGoal has:
Any information related to a data subject that can be used to directly or indirectly identify the person is classified as personal data. Some examples include:
When you complete our sign-up form we collect some personal information such as your name, email address and phone number (optional). To create a trial account we ask only for a name, email and password.
PeopleGoal has a DPA in place because in some cases we are processors and not controllers of the data.
If you require further details please reach out to us via email at firstname.lastname@example.org.
PeopleGoal has acquired the E.U.-U.S. Privacy Shield Framework certification.
For more information and updates on our certification, please email us at email@example.com. You can also find links to the relevant security policies and data request processes below.
Third parties or Individuals seeking access to user data should contact the Customer regarding such requests. Our Customer controls the user data and generally gets to decide what to do with all user data (i.e. edit, delete).
Except as expressly permitted by our order form or contract or in cases of emergency to avoid death or physical harm to individuals, PeopleGoal will only disclose user data in response to valid and binding compulsory legal process. PeopleGoal requires a search warrant issued by a court of competent jurisdiction (a federal court or a court of general criminal jurisdiction of a State authorized by the law of that State to issue search warrants) to disclose user data.
All requests by courts, government agencies, or parties involved in litigation for Customer Data disclosures should be sent to firstname.lastname@example.org and include the following information:
(a) the requesting party, (b) the relevant criminal or civil matter, and (c) a description of the specific Customer Data being requested, including the relevant Customer’s name and relevant Authorized User’s name (if applicable), and type of data sought.
Requests should be prepared and served in accordance with applicable law. All requests should be narrow and focused on the specific Customer Data sought. All requests will be construed narrowly by PeopleGoal, so please do not submit unnecessarily broad requests. If legally permitted, Customer will be responsible for any costs arising from PeopleGoal’s response to such requests.
PeopleGoal is committed to the importance of trust and transparency for the benefit of our customers and does not voluntarily provide governments with access to any data about users for surveillance purposes.
PeopleGoal will notify the Customer before disclosing any of Customer’s Customer Data so that the Customer may seek protection from such disclosure, unless PeopleGoal is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm to people or property associated with the use of such Customer Data. If PeopleGoal is legally prohibited from notifying Customer prior to disclosure, PeopleGoal will take reasonable steps to notify Customer of the demand after the nondisclosure requirement expires.
PeopleGoal requires that any individual issuing legal process or legal information requests (e.g., discovery requests, warrants, or subpoenas) to PeopleGoal properly domesticate the process or request and serve PeopleGoal in a jurisdiction where it is resident or has a registered agent to accept service on its behalf.
If you believe that you have discovered a security issue or a vulnerability in our platform please let us know right away. You can email the issue to email@example.com and our security team will take immediate action to resolve it.