At Neto we have always recognised the importance of data security and held our customers' data as a top strategic priority. Over the past 12 months we have continued to invest heavily in ensuring compliance with PCI DSS, the new Australian Privacy Laws and now the General Data Protection Regulation (GDPR) from the EU.
The GDPR provisions cite consent and transparency as the cornerstone for securing the personal data of EU citizens. The goal behind GDPR is to make sure that organizations are complying with the prerequisites for protecting their customers’ data. This addendum addresses what Neto is doing with respect to the GDPR.
1. Introduction
- This addendum amends Neto’s Terms and Conditions and Privacy Policy.
- Where this addendum conflicts with or contradicts our existing Terms and Conditions or Privacy Policy, this addendum takes precedence.
2. Definitions
- "Data Processor", "Data Subject", "Processor", "Processing", "Subprocessor", and "Supervisory Authority" are to be interpreted as per applicable Data Protection Legislation.
- "Data Protection Legislation" refers to the General Data Protection Regulation, Regulation (EU) 2016/679 and European Directives 95/46/EC and 2002/58/EC, and any legislation and/or regulation implementing them.
- "Personal Data" means information relating to an identifiable Data Subject who visits or engages in transactions through your Neto webstore (a "Customer"), which Neto Processes as a Data Processor in the course of providing you with the Services.
3. Personal Data Policy
- Personal Data related to Data Subjects, regardless of location, is processed by Neto in Australia.
- In order to provide its Services, Neto will Process Personal Data. When Processing Personal Data, Neto will:
  - do so only for the purpose of providing our Services in accordance with our Terms and Conditions or upon request by you;
  - if allowed by law, notify you when we receive an inquiry or complaint from a Data Subject or Supervisory Authority regarding the Personal Data;
  - implement measures to protect Personal Data from unauthorised or unlawful processing;
  - provide you, upon request, with reports or extracts, to enable you to assess compliance with the GDPR;
  - notify you promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data;
  - insist that Neto employees with access to Personal Data have confidentiality obligations restricting their ability to share or disclose Customer Personal Data.
- On closure of your account, Neto will purge and/or anonymise Personal Data relevant to your account within 60 days.
- By utilizing our services, you agree that Neto may use Subprocessors to Process Personal Data.