Spin 360 ensures conformance to global regulations and industry practices in order to maintain
privacy and security of its customer’s data. All our products provide GDPR-ready capabilities
to help our customers meet their compliance obligations. Spin 360 extends these capabilities
not only to customers in the EU, but to all our customers worldwide. To strengthen an individual's
rights to privacy, the European Union brought about the General Data Protection Regulation
or GDPR, fortifying existing directives on data protection. The Regulation issued by the
European Union applies to businesses processing personal data of European residents, and
has been in force since 25th May 2018.
Committed to protecting our customers personal data, Spin 360 is here to help our customers understand significance of the GDPR, its requirements and our allegiance to align with global standards.
7 Key Principles of the GDPR
The GDPR encourages businesses to be responsible about an individual’s data. By ensuring protection and privacy of this data, businesses earn customer trust and they are likely to engage better with the business. GDPR provides a framework for businesses to standardize and regularize real-world security and privacy needs of an individual's data used for business purposes.
The key principles which the GDPR requires businesses to operate on are:
1. Lawful, fair and transparent processing: Emphasizes transparency for all individuals i.e. when data is collected, businesses must be clear as to why data is being collected and what will it be used for.
2. Purpose limitation: Collect data, only for the purpose you need it for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.
3. Data minimization: Ensure data captured is adequate, relevant and limited. Based on this principle, organizations must ensure they store minimum amount of data required for their purpose.
4. Accurate and up-to-date processing: Data controllers must ensure information remains accurate, valid and fit for purpose. To comply, organizations must institute processes and policies to address how they maintain data they are processing and storing it.
5. Limitation of storage in a form that permits identification: Have control over storage and movement of data within the organization. This includes implementing and enforcing data retention policies, and preventing unauthorised movement and storage of data.
6. Confidential and secure: An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individuals data.
7. Accountability and liability: Organizations must be able to demonstrate adoption of necessary steps to protect an individual’s personal data, and be able to pull up every step within the GDPR strategy as evidence.
Effective compliance addresses data privacy and security requirements no matter where your business is located, or what industry you belong to. At Spin 360 we optimize business value from our products and services by adhering to necessary standards and policies. Hence, our cloud ecosystem is capable of providing a robust and scalable structure for safe processing of your, and your customer's data. All our products are GDPR compliant and come with in-built features that help you meet your compliance needs. GDPR-ready features in all Spin 360 products are made available to all our customers worldwide. This means GDPR recommended principles for privacy and security of personal data have been extended to customers even outside the EU.
Deliver business value by optimizing service efficiency with secure and scalable systems for collecting, storing and processing data.
Increase customer and partner awareness on regulation requirements, ensuring consistent application of data protection measures.
Drive business performance through continuous improvement, best practices and innovation so that we provide you the best.
Individual Rights, Subject Access, and Communication
Spin 360 GDPR program thoroughly evaluates how Spin 360, both as a data controller and processor is placed with its existing procedures for readiness to, provide rights of individuals under GDPR and, assist customers in responding to data access requests from individuals.
Lawful processing Spin 360 GDPR program emphasizes on transparency of data processed by establishing processes that help easily respond to requests from customers wanting to know what data Spin 360 has about them. Information of what data is collected, stored and processed can be obtained from our Privacy Notice
Our leaders commit to support and provide guidelines for data protection compliance through a framework of standard policies and procedures. Spin 360 defines metrics for monitoring and governing health of the privacy notice which is independently run under the direct control of the Management Steering Committee.
Customer's Personal Data with Spin 360
Spin 360 delivers on our customer’s privacy objective by maintaining processing records of customer’s data. Periodic and need based Privacy Impact Analysis (PIA) across data flow and process maps aids in keeping our program aligned with ever changing business and technology landscapes.
Privacy by Design and Default
Programs, projects, and processes at Spin 360 are aligned to privacy principles right from inception of an idea or project, thereby supporting Privacy by Design and Default principles. Read more on privacy-ready features of our products here.
Opt out of analytics
As part of Spin 360 commitment to uphold privacy, Spin 360 products provide options to opt out of analytics. Customers can terminate sharing of data for the purpose of analytics. Reach out to your Account Executive for more on enabling the same for your support account.
Spin 360 ensures data is hosted within centers qualified by global IT standards and regulations. Providing multiple locations to host data (upon purchase of appropriate plans) to suit needs of its customers, Spin 360 data centers are located in United States, Europe, India and Australia.
List of sub-processors
Spin 360 GDPR program ensures any 3rd party vendor/sub-processors is also accountable for protection of an individual’s personal data. These obligations are established by way of contracts that also include providing sufficient guarantee to implement appropriate technical and organisational measures as specified in the Regulation.