Thank you for choosing XQSeat! We have taken all necessary steps that a responsible and competent provider of services such as XQSeat would be expected to take to meet and maintain the GDPR requirements and the security and integrity of all users’ data.
XQSeat and GDPR
XQSeat contracted an external Privacy Expert Auditor from the European Union to conduct an independent GDPR assessment of our website, application, and services and to certify that we exceed the stringent requirements expected of a cloud service. To request further information about our GDPR compliance, security protocols and audits, contact us.
What is GDPR exactly?
The General Data Protection Regulation (GDPR) is an EU Regulation enhancing the privacy and protection of citizens’ personal data within the European Union; it came into force on May 25th, 2018.
GDPR provides a single data privacy and protection law for all EU Member States. The Regulation aims to give citizens within the European Union greater transparency, protection and control with regard to the processing of their personal data.
Personal data refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, contact details, location data or gender.
The processing of data refers to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction, of personal data.
How does GDPR apply and to whom?
Regardless of whether your organization is based inside or outside the EU, if you are processing personal data of citizens within the European Union you are under the jurisdiction of this law. GDPR applies to XQSeat because the various churches and ministries that use our application and services process personal data of citizens within the EU. GDPR applies to those churches and ministries as well.
XQSeat is either a Data Controller or a Data Processor, depending on the type of processing of personal data. A Controller is an organization that determines the purposes and means of the processing of personal data, while a Processor is an organization that processes personal data on behalf of the controller. Whatever the situation, we have taken all the necessary steps required by law, and more, to be GDPR compliant!
How is XQSeat GDPR compliant?
We take GDPR seriously. We have taken various steps to protect your personal data from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology. We use commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your information.
We comply with GDPR by:
- committing to help our users understand their rights and our obligations under the GDPR. We have introduced tools and processes to ensure our compliance with the requirements imposed by the GDPR and to help our Churches and Ministries comply as well. To learn more about this, please see our privacy policy.
- giving our users control, through our cookie settings page, over which cookies they would like to have collected. To learn more about cookies, please see our cookie policy.
- allowing our users full control over their data. From the settings of their user account, a user may change passwords, view the personal information held in individual profile records, delete their account and erase all data, grant members various levels of access (including permission to view personal data), export or import personal data, or invite members to create an account and authorize them to edit personal data as necessary. For more details, please see our program features.
- regularly undergoing GDPR audits to identify potential vulnerabilities and ensure that our website, platform, and services apply the latest threat protection technologies.
- having Data Processing Agreements in place with all vendors to whom we transfer personal data. These vendors are located both within the European Union and outside of it, and we have safeguarded data transfers with Standard Contractual Clauses approved by the European Commission and other mandatory safeguards.
- running Data Protection Impact Assessments (DPIAs) for those processing activities that could result in a high risk to the rights and freedoms of natural persons. The results of our DPIAs showed that we fully respect users’ rights and do not violate any GDPR provisions.
- providing bank-level security by encrypting users’ data with AES-256 and SSL, both while in transit and when stored in our secure cloud.
- protecting users logging into our application with HTTPS sessions secured using SSL.
- hosting our infrastructure with a top vendor that utilizes state-of-the-art electronic surveillance and multi-factor access control systems. The data centers are protected 24×7 by trained security guards. The infrastructure resides in a virtual private cloud, which further limits access. Our data collection, storage, and processing operations are guarded both physically and virtually from the outside world.
- providing our admins with a detailed trail of account activity. System and user access to our infrastructure is logged and stored.
- setting up procedures for our personnel with access to users’ data to authenticate themselves using username, password, and multi-factor authentication (MFA). Our personnel access controls are managed through a role-based, security group management system.
How are we helping your organization by being GDPR compliant?
GDPR establishes a set of rules, or principles, that organizations must comply with. XQSeat adheres to and respects them so that your organization can benefit from them: increased trust from your members, more family data provided at your members’ own initiative, or possibly even more donations.
The principles we are bound to under this law are:
- Lawfulness, Fairness and Transparency – we are processing personal data lawfully, fairly and in a transparent manner in relation to you.
- Purpose Limitation – we are collecting your data for specified and legitimate purposes.
- Data Minimization – we collect and store only personal data that is adequate, relevant and limited to what is necessary in relation to you and to the purposes for which the data are processed.
- Accuracy – we keep your data accurate and up to date, erasing or rectifying inaccurate data without delay.
- Storage Limitation – we keep your data no longer than is necessary.
- Integrity and Confidentiality – we protect your data against unauthorized or unlawful processing and accidental loss, destruction or damage.
Would you like more details about XQSeat’s GDPR compliance?
If you would like more details or have any questions regarding our compliance with GDPR, feel free to contact us here. We will respond to your request as soon as possible.