The Newsafe Leadership Solutions Ltd.’s (“NLS”) Data Protection Commitment

Multiple countries have implemented new laws to address data privacy concerns related to the collection of their citizen’s personal information.

The EU General Data Protection Regulation (GDPR) is one such law and NLS is here to support you in meeting its requirements.

What Is GDPR?

GDPR is setting a new standard for how organizations collect, use, and protect EU citizens’ personal information. With the growing concern for data safety, this law is designed to restore the confidence of the public.

GDPR Implications For Your Organization

Whether or not your organization is based in the EU, all business that control or process personal information of EU citizens have to do so in accordance with the GDPR requirements.

As an employer, this means that you are responsible for ensuring that the personal information of your EU citizen employees is processed in accordance with the GDPR requirements.

Because of this, you are also responsible for ensuring that any workplace service providers that you use will process the personal information of your EU citizen employees in accordance with the GDPR requirements.

NLS’s Commitment Of Support In Your Organization’s GDPR Compliance

NLS is committed to supporting you in ensuring that your use of our workplace tool meets the GDPR requirements.

Here are some of the measures that NLS has put in place to reflect that:

  1. NLS’s Contractual Terms Reflect GDPR Requirements

    NLS has prepared a Data Processing Addendum available at https://theagencyfactory.com/data-processing-addendum that contains the GDPR contractual requirements. Where applicable, this Data Processing Addendum is incorporated into our Terms of Service, available at https://theagencyfactory.com/terms. Our contractual commitments relevant to GDPR are that:

    1. NLS will be transparent and never use your employees’ personal information other than as instructed by you,
    2. NLS will maintain appropriate technical and organisational security measures to protect your employees’ personal information,
    3. NLS will assist you with requests from your employees regarding their personal information that is processed using our services.
  2. NLS Will Continue To Improve Its Security Infrastructures

    NLS is committed to maintaining appropriate technical and organisational security measures to protect your employees’ personal information in line with the GDPR requirements. Our commitments to maintaining our security measures are as follows:

    1. NLS ensures that, to the extent possible, your employees’ personal information is pseudonymized,
    2. NLS ensures that your employees’ personal information is encrypted, both in transit and at rest,
    3. NLS has measures in place to ensure the ongoing confidentiality, integrity, availability, and resilience of NLS processing systems and services,
    4. NLS can restore the availability and access to your employees’ personal information in a timely manner in the event of a physical or technical incident, and
    5. NLS is putting in place a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures to ensure the security of your employees’ personal information.
  3. For more details regarding NLS’s commitment to invest in its security infrastructures, we invite you to read our Data Processing Addendum.
  4. NLS Complies With GDPR International Data Transfer Mechanisms

    GDPR does not require personal information of EU citizens to be stored in the EU. GDPR does, however, require transfers of EU citizens’ personal information outside of the EU to comply with certain international data transfer standards. One of these standards is that prior to transferring an EU citizen’s personal information to a third country, the European Commission must have decided that the third country ensures an adequate level of protection. NLS is committed to ensuring that all transfers of your employees’ personal information are and will be in compliance with the required international data transfer standards. NLS is located in Thailand and is subject to Thailand privacy laws. Thailand is in the process of implementing its own data privacy law largely inspired from GDPR and called Personal Data Protection Act (PDPA) which comes into force on June 1st 2021.

As your data processor, NLS transfers your employees’ personal information to only two third-party subprocessors: our data center provider and our database service management provider. Both of these subprocessors are certified under the E.U.-U.S. Privacy Shield, a framework negotiated and agreed upon by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.

  1. NLS’s Products Are Designed To Help You Meet Your GDPR Requirements

    NLS is committed to making every effort to build product features that help you meet your GDPR requirements. NLS ensures that you can meet the GDPR data portability requirements by providing, among others, features that permit you to export some of the employees’ personal information.

As Data Privacy laws become more widespread across the world, NLS will update from time to time its Data Protection commitment to reflect new rules which might become relevant to your organization.

NLS is here for you. Please contact our customer support team if you have any GDPR-specific questions.

This Policy was last updated on April 22, 2021