GDPR Statement
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), adopted on April 27, 2016, is a regulation intended to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the transfer of personal data outside of the EU. The primary objectives of the GDPR are to enhance EU residents’ control of their personal data and to simplify the regulatory environment for international business by imposing uniform data protection requirements on all EU members. The GDPR replaces the data protection directive (officially Directive 95/46/EC) from 1995 and is effective from May 25, 2018.
Pineapple Telecoms Ltd. is committed to compliance with the GDPR. Just like existing privacy laws, including the preceding data protection directive, compliance with the GDPR requires a partnership between Pineapple Telecoms and our customers in their use of our services and products. Pineapple Telecoms has reviewed the requirements of the GDPR, and is working to make enhancements to our services, products, documentation, and contracts to support our own compliance with the GDPR.
Pineapple Telecoms' compliance with the GDPR
Data privacy and security are at the core of Pineapple Telecoms' business and something Pineapple Telecoms takes very seriously. Pineapple Telecoms remains committed to protecting personal data in compliance with the highest standards of privacy and security. Below is a high-level summary of Pineapple Telecoms' compliance with many of the key areas of the GDPR.
Data Protection
- As the data processor, Pineapple Telecoms will only process personal data on behalf of the data controller and on written authorisation from the data controller (i.e. through a contract or order).
- Pineapple Telecoms expects that its customers, as the data controllers, will notify their employees and users (i.e. the data subjects) of the processing carried out by Pineapple Telecoms and will obtain their consent for Pineapple Telecoms to do so.
- Pineapple Telecoms ensures the confidentiality and availability of the personal data that it processes, and that appropriate technical and organisational measures are taken to protect such personal data.
- For the majority of Pineapple Telecoms services and products, personal data is never stored by or accessible by Pineapple Telecoms.
- Logs are never stored in clear text.
- Pineapple Telecoms only allows access to personal data by personnel who are authorised administrators with appropriate privileges.
- Pineapple Telecoms does not process or store any personal data that is not needed to perform the contracted services on behalf of the data controller.
- The personal data that Pineapple Telecoms processes on behalf of the data controller will be accurate, complete, and kept up-to-date as much as technically possible.
- Personal data will not be disclosed, made available, or otherwise used for purposes other than to perform the contracted services on behalf of the data controller, except as required by law.
- All transfers of personal data outside of the European Economic Area (EEA) will only be done for the purposes of providing the contracted services to the data controller and will be subject to EU-US and Swiss-US Privacy Shield principles.
- Pineapple Telecoms retains Logs in its provided applications for rolling periods of at least six months, after which the Logs are securely purged.
- At contract termination or expiration, the Logs will be purged pursuant to the six-month retention cycle, or as earlier requested in writing by the data controller.
- Pineapple Telecoms will make available to the data controller all information reasonably necessary for the data controller to demonstrate its compliance with the GDPR.
- Pineapple Telecoms will be accountable and responsible to ensure its own compliance under the GDPR.
Security Safeguards
- Pineapple Telecoms protects personal data through reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification, or disclosure.
- Pineapple Telecoms applies robust security measures to its systems, such as antivirus, firewalls, scheduled vulnerability scanning, penetration testing and security code peer reviews.
- All Pineapple Telecoms personnel who are authorised to process personal data have committed themselves (through employment and confidentiality agreements) to the confidentiality and security of personal data.
- Pineapple Telecoms is able to ensure ongoing confidentiality, integrity, availability and resilience of its processing systems and services, in addition to restoring real-time availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Pineapple Telecoms has an internal process for regularly testing, assessing, and evaluating the effectiveness of the technical and organisational measures for ensuring the security of the processing of personal data.
- Pineapple Telecoms will notify the data controller without undue delay after becoming aware of a personal data breach and will assist the data controller in reporting to supervisory authorities and affected data subjects any personal data breaches.