Our way of general data protection regulation (GDPR)
We are pleased to present our corporate company profile, highlighting our commitment to data security and compliance with the General Data Protection Regulation (GDPR). At WeetyChat, we prioritize the highest level of security and adherence to regulatory requirements, ensuring the protection of sensitive information. Over the past four years, the European Union has diligently worked on GDPR to fortify data security, streamline processes, and safeguard the personal data of EU citizens.
GDPR encompasses various types of data, including contact information, customer interactions, specific requirements, health records, profiles, and any other data processed on behalf of our esteemed clients. GDPR empowers individuals by providing them with greater control over their data. We believe in honoring customer preferences and processing their data within the bounds of legal operational environments. Our commitment is to maintain the utmost integrity of customer information throughout our operational, administrative, and data processing systems.
It is important to note that GDPR applies not only to entities within the European Union but also to every organization, regardless of their geographical location, that processes personal data of EU citizens. Therefore, it is imperative that every facet of our business process involving personal data continuously optimizes data security measures, encompassing storage, processing, transfer, and usage.
Under GDPR, individuals possess various rights, which we highly respect and uphold:
The Right to Access: Customers/individuals have the right to request access to their personal data and understand how we utilize it. Upon request, we provide a free-of-charge copy of their personal data in an electronic format.
The Right to be Forgotten: Should customers choose to discontinue their business relationship with us or withdraw their consent for the use of their personal data, they have the right to request the deletion of their data from our storage and ongoing processing activities.
The Right to Data Portability: Customers/individuals have the right to transfer their personal records to another service provider in a commonly used and readable format.
The Right to be Informed: We ensure transparent personal data collection by seeking explicit consent from individuals. Individuals must opt-in to have their data collected, and their consent must be freely given, rather than implied.
The Right to Update Personal Information: If customers need to update their physical address, phone number, email address, or any other relevant information, they have the right to request these updates. Additionally, individuals have the right to rectify any inaccuracies in their personal data when provided with a copy.
The Right to Restrict Processing: The Right to Restrict Processing: Individuals can restrict us from processing their data, allowing the data to be stored but preventing its use for processing purposes.
The Right to be Notified: Individuals have the right to be promptly notified within 72 hours in the event of a personal data breach. We prioritize informing the affected individuals as the primary point of contact.
As a corporate company, we have implemented comprehensive measures to ensure GDPR compliance and data protection across all facets of our operations. Our commitment to data security extends to the following areas:
Secure Data Centers:
Customer data generated from calls, email support, and live chat support is stored in secure data centers located within the EU region. These data centers adhere strictly to the General Data Protection Regulations
Robust Data Processing Procedures:
Our data processing procedures are highly interoperable, enabling the efficient deletion, updating, correction, or transfer of data upon individual request. Through our centralized customer support mechanism, these actions can be accomplished with just a few clicks.
Dedicated Security Staff:
We have a dedicated team responsible for continuously monitoring user activities and server environments. This vigilant approach ensures the prevention of policy breaches and serves as a proactive measure against data threats. Additionally, GDPR compliance is an integral part of our employee training program, ensuring that all personnel are aware of the potential consequences of non-compliance.
Internet Policy:
Our network operates on a centralized server and firewall, strictly restricting access to unauthorized websites, portals, or video streaming platforms. We maintain a robust firewall to prevent unauthorized intrusions, while our network monitoring staff continuously oversees user permissions and policy compliance.
Level 3 Security:
Our employees, including administration, operators, supervisors, and managers, do not have direct access to their work environment, applications, or software. Dual password protection, consisting of both the user’s system admin password and a server-side password, safeguards login details. Furthermore, the use of personal mobile phones, peripheral devices, and any other unauthorized electronic devices is strictly prohibited within our premises.
Data Protection Agreements:
We uphold three essential agreements with our clients: the service level agreement, non-disclosure agreement, and client and customer data protection agreements. These agreements include legally binding clauses that safeguard data protection and the digital assets of our clients, ensuring their enforcement within their respective jurisdictions.
Flexible Protected Processes:
Our physical and electronic processes are meticulously designed to fully support data and information protection. Employee access to the data center is restricted, with authorized personnel only permitted to add information while viewing and editing capabilities are limited. We closely monitor workflows and employee adherence to policies, promptly taking necessary actions in the event of any violations.
