Recently there have been many changes to the laws and requirements surrounding the practices of data management by many of the websites you frequently visit.
The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on the 25th May 2018.
Higher Level Strategies, Inc. (“HLS”) is fully committed to compliance with the GDPR.
What has HLS done about the GDPR?
We have taken many steps across the entire company to ensure our compliance with the GDPR. Here’s a condensed version of our GDPR Roadmap and steps taken on our journey:
1) Thoroughly researched the areas of our product and our business impacted by GDPR.
2) Appointed a Data Protection Officer.
3) Appointed an EU representative.
4) Updated our Privacy Policy, Terms and other legal documents to ensure compliance.
5) Consolidated all of our company legal documents and disclaimers into one webpage.
6) Performed the necessary changes/improvements to our websites:
- Cookie consent pop-up.
- Opt-in disclaimer text for all EU visitor IPs.
- Legal footers on all pages.
7) Implemented the required changes to our internal processes and procedures:
- Cross-site user lookup dashboard.
- Internal TOS update announcement/acceptance pop-up.
- Data request and deletion procedure.
8) Finalize and communicate our full compliance.
Based on the research conducted by both our inside and outside counsels we are confident these changes will address the requirements of the GDPR.
What do HLS customers and subscribers need to do?
As one of our customers, subscribers and/or users of our products, there are two things that you should do.
#1 Please read our updated terms and policies on our legal page so that you are informed of all changes and so that you can decide whether or not to continue being a user.
#2 Please make sure that you are in compliance with the GDPR on your own websites and in your own business if you wish to continue working with us.
Frequently Asked Questions
Who does the GDPR apply to?
The provisions of the GDPR apply to any entity that processes personal data of individuals in the European Union (EU), including tracking their online activities, regardless of whether the entity has a physical presence in the EU.
We are not based in the EU. Do we still need to comply?
Yes! If you are an entity outside the EU, you should still be aware of the GDPR and comply with it if you process personal data of individuals in the EU.
We’re based in the UK. Do I still need to comply due to Brexit?
Yes! The UK will still be part of the European Union on the 25th May 2018. Also, if you process personal data of individuals in the European Union you would still need to comply with the GDPR even post-Brexit.
We don’t charge money for the services provided. Do we still need to comply with the GDPR?
Yes! If you collect personal data, you need to comply.
What happens if we don’t comply with the GDPR?
Lack of compliance can result in fines of up to 4% of annual global turnover or €20 million (whichever is larger) for breaching GDPR.
Do we need to appoint a Data Protection Officer?
A Data Protection Officer must be appointed in the case of: (a) public authorities, (b) entities that engage in large scale systematic monitoring, or (c) entities that engage in large scale processing of sensitive personal data. If you don’t fall into one of these categories, then you do not need to appoint a Data Protection Officer (although this is highly advisable). HLS has appointed one anyway.
What is the difference between a Data Processor and a Data Controller?
A Data Controller represents the entity that determines the purposes, conditions and means of the processing of personal data. The Data Processor is the entity which processes personal data on behalf of the controller.
Is HLS a Data Controller or a Data Processor?
HLS controls and processes its own data that it collects on its own websites from visitors and customers that have agreed to our terms of service and privacy policy.
Do I have to sign a Data Processing Agreement with HLS?
No. Higher Level Strategies does not process data on your behalf or on the behalf of its customers or subscribers. We do not store or process information FOR you. We only store YOUR information when you purchase from us or subscribe to one of our email lists. This is described in more detail within our terms of service.
In situations where you send traffic to one of our websites (like ACE for example) for the purpose of referring sales, it is only traffic that you are referring to us, you are not handing over data. The visitors you refer have the option of submitting their own data into our websites at which time they are asked to agree to our terms and privacy policy. This is not the same as you handing us their data for processing without their consent, therefore a data processing agreement is not required between us.
If you have any questions, please don’t hesitate to contact us at Privacy@HigherLevelStrategies.com