Effective May 25, 2018, the General Data Protection Regulation (GDPR) is a significant change to European Union (EU) privacy law. The regulation prioritizes an individual's right to control their personal information. It imposes new rules on companies, government agencies, non-profits, and other organizations outside the European Union that process personal data related to the offering of goods and services to people in the European Union (EU), or that monitor the behavior of EU citizens within the European Union.
ResLife Portal is both a controller and processor of personal information, and that information is stored in the United States. We control the personal information of those with whom we directly interact. Examples of this are users who create ResLife Portal user accounts or fill out a form on our website. We are a processor of personal information for other controller organizations (i.e., our customers and members) who have entrusted us with processing personal information that they control. Examples of this are ResLife Portal service, data that is uploaded as part of a technical support case, and contact information provided to us for a customer organization.
The GDPR details six legal bases that allow controllers (like ResLife Portal) to process personal information. They are: contractual necessity, legal obligation, vital interests, public interest, legitimate interest, and consent. Most of the work we do with customers is classified as contractual necessity or legitimate interest.
ResLife Portal is committed to protecting your personal information from any attacks or data breaches. We have implemented appropriate security controls throughout our business systems. In the unlikely event of data breach, we will honor the GDPR requirements for notification.
ResLife Portal has created a Data Processing Addendum that sets the conditions related to privacy, confidentiality, and security of EU personal data associated with online services and maintenance we provide to customers under our Terms of Service with ResLife Portal, or the then current click through agreement.
As well as applying to companies established in the EU, the GDPR also applies to companies, not established in the EU, where the company's processing activities are related to either: (i) offering goods or services to data subjects located in the EU; or (ii) monitoring the behavior of data subjects so far as their behavior takes place in the EU (e.g. monitoring via certain cookies).
ResLife Portal is not established in the EU – we have no subsidiaries or affiliates located in the EU. The GDPR also extends to certain companies located outside the EU that process personal data of individuals in the EU.
The GDPR may require us to incorporate certain provisions into our agreements with Customers subject to the GDPR when we process personal information on behalf of Customers who are subject to the GDPR.
Customer shall acknowledge and agree that ResLife Portal, acting as a Data Processor, is located in the United States and that Customer's provision of Personal Data to Data Processor for processing is a transfer of Personal Data to the United States.
ResLife Portal controls and operates the Services from within the United States of America and the entirety of the Services may not be appropriate or available for use in other locations.
We will notify Customers, without undue delay, when we become aware of a personal data breach materially affecting the personal data provided by Customers in such a way as to be likely to result in a high risk of adversely affecting individuals' rights and freedoms.