At Carousel Digital Signage (a division of Tightrope Media Systems, Inc.), we are committed to being transparent with our customers regarding our privacy practices and compliance with European Union (EU) privacy regulations. We value your trust and are dedicated to protecting your privacy.
Our commitment to protecting the privacy of our customer’s data includes:
- A strong cultural desire to limit our use of personal data to only what is necessary to conduct business with our customers. When we do need to collect or use personal data, we do so only to communicate with you and provide to you with the services we offer. We have no interest in your personal data for any other reason.
- All employees and contractors are subject to background checks, sign non-disclosure agreements and are subject to ongoing security and privacy training.
- Establishing processes and tooling for addressing requests from you regarding your personal data.
- Leveraging third-party security experts to conduct annual penetration tests of our products.
What is GDPR?
The General Data Protection Regulation (GDPR) was adopted in 2018 to strengthen and unify data protection for residents of the European Union (EU), while also addressing the export of personal data outside the EU. The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they process the personal data of EU residents.
GDPR Compliance Steps
We have been working hard to ensure compliance with GDPR. Below are some of the things we are working on specifically for GDPR:
- We have strengthened our security infrastructure.
- While not legally required to do so, we have appointed a dedicated Privacy and Security Officer, who can be reached via email at firstname.lastname@example.org.
- We have identified our third-party vendors and classified the data that is transferred to them. A roster of our third-party data processors is available by contacting email@example.com.
- We have executed Data Processing Addendums (DPAs) with our vendors to ensure onward transfer of your data is safe.
- We have adopted our own Data Processing Addendum and Standard Contractual Clauses (SCC) for our customers and users according to GDPR standards. The DPA and SCC are effective on Feb 1, 2020.
- We have established an online portal for individuals wanting to make requests about their personal data.
- We have appointed GDPR-Rep.eu as our Article 27 E.U. Representative. They can be reached at:
Maetzler Rechtsanwalts GmbH & Co KG
c/o Tightrope Media Systems, Inc.
Schellinggasse 3/10, 1010 Vienna, Austria
Please add the following subject to all correspondence:
GDPR-REP ID: 11082518
Dated: January 28, 2020.