ENVIROBUILD GDPR POLICY
“Controller” means the entity which alone or jointly with others determines the purposes and the means of the Processing of Personal Data.
“Data Subject” means any natural person whose Personal Data are Processed in the context of this GDPR Policy.
“Europe” means the member states of the European Union, the United Kingdom, the European Economic Area, the European Free Trade Agreement, and Monaco.
“European Data Protection Law” means Article 8 of the Charter of Fundamental Rights of the European Union and Article 16 of the Treaty on the Functioning of the European Union, and their implementations in European Union and national law, including Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC); as well as all national, regional, and local data protection acts of Europe; each as may be amended or repealed from time to time.
“Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processor” means the entity which Processes Personal Data on behalf of a Controller.
“Processing” or “Process” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Roles of the Parties
Data Protection Principles
Subscriber warrants and represents that: (a) Data Subjects have been informed of EnviroBuild’s use of Personal Data as required by Data Protection Laws; and (b) EnviroBuild can rely on a valid legal ground for the Processing of Personal Data under Data Protection Laws, and if required under Data Protection Laws Subscriber has obtained consent from Data Subjects for the processing by EnviroBuild in the context of the Services. Subscriber warrants and represents that, in relation to its own Processing of Personal Data, it acts as a Controller and that it will Process Personal Data in accordance European Data Protection Law, in particular relying on a valid legal ground for the Processing, providing notice to Data Subjects with regard to the Processing of Personal Data and complying with Data Subjects’ rights with regard to the Processing, as well as internal records requirements. Subscriber will take steps to ensure that any person acting under their authority who has access to Personal Data is subject to a duly enforceable contractual or statutory confidentiality obligation that are substantially similar to those required under this GDPR Policy.
Cross-Border Data Transfers
Each party may transfer the Personal Data Processed as described in this GDPR Policy outside of Europe in accordance with European Data Protection Law.
Inability to Comply. Subscriber will promptly notify EnviroBuild in writing if Subscriber cannot comply with its obligations under this GDPR Policy.