Data Protection 2018-05-28T11:37:08+00:00

Common Privacy and Data Protection

Whilst many countries have laws designed to protect the privacy of personal data, some countries have one comprehensive data protection law, while others address data protection in a more nuanced way, through a variety of laws and regulations. While legal and regulatory requirements will differ – including due to jurisdictional requirements, industry specific requirements and content-specific requirements – there are some common considerations that arise under several leading data protection laws, which we at GSS abide. These align to the typical lifecycle of personal data. To help our partners, sponsors and customers analysing and address their privacy and data protection requirements when using GSS process content containing personal data, we discuss in person various stages of this data lifecycle, identify key considerations relevant to each stage, and provide relevant information about how the GSS services operate. Many data protection laws allocate responsibilities having regard to how a party interacts with personal data, and the level of access and control they have over that personal data. The terminology used in different jurisdictions may vary, and some laws make more subtle distinctions. We appreciate when our services are used in many different contexts for different business purposes, and that there may be multiple parties involved in the data lifecycle of personal data included in customer and partner content stored or processed using GSS services. For simplicity, the guidance in the table below show how and what will be done under our data control:

• Collects personal data from its end users or other individuals (data subjects), and determines the purpose for which the customer/partners require and will use the personal data
• Has the capacity to control who can access, update and use the personal data
• Manages the relationship with the individual about whom the personal data relates (referred to in this section as a data subject), including by communicating with the data subject as required to comply with any relevant disclosure and consent requirements

Note that the terms “data processor” and “data controller” have a very distinct meaning under EU law and this information is not intended to address specific EU requirements. Partners, Sponsors and Customers looking for guidance on EU Data protection requirements relating to data controllers and data processors should refer to our EU Data Protection Whitepaper. Where a customer processes personal data using the GSS services on behalf of and according to the directions of a third party (who may be the controller of the personal data or another third party with whom it has a business relationship), the partner, sponsor and customer responsibilities referenced in the table will be shared and managed between the customer and that third party.

Signed Peter B. Sanden
Berlin, May 25th, 2018

GLOBAL SOLAR SOLUTION – It is time for Africa