About Privacy Rules and Regulations
Effective day 25 May 2018
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you.
General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) has replaced the Data Protection Directive 95/46/EC and has been designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. See more at: www.eugdpr.org/
According to GDPR we are committed to comply to the following:
- Consent. Obtaining the consent of our users’ data to store and use them can no longer be passive with pre-selected opt-in boxes. Under GDPR, we are required to actively obtain their consent and explain how their data will be used.
- Breach Notification. We must notify both users and data protection authorities within 72 hours of discovering a security breach.
- Access. We must be ready to provide digital copies of private records if our users ask to know what personal data of theirs is collected, where it is stored, and what it is being used for.
- Right to be Forgotten. Under the new regulations, users can ask us at any time to delete their personal data and ask that their data no longer be shared with third party companies.
- Data Portability. The new law states that individuals are able to transmit their data from one data controller to another. Simply put, we should be prepared to provide data to them in a commonly used digital format if it is requested.
- Privacy by Design. We are now be required to have data security built in to our products and processes from the start, specifically in the technology that is used to gather and manage attendee data.
- Data Protection Officers (DPO). For companies that monitor large amounts of data or deal with data relating to criminal convictions, they will be required to have a DPO who is in charge of GDPR compliance enforcement.
California Online Privacy Protection Act
According to CalOPPA we are committed to comply the following:
- Users can visit our site anonymously.
- We will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
- Users are able to change their personal information by logging in to their account.
HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by U.S. Congress in 1996. The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.
We are committed to follow required policies and procedures to ensure compliance with all applicable HIPAA Privacy and Security Standards, handling as private and confidential all individual health care information (Protected Health Information): our interpreters and staff involved in service interactions with patients and customers at large, are bound to a Confidentiality Agreement, as defined by Ablio’s internal Standards of Practice, publicly available on our website ablio.com.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13 nor do we knowingly collect or solicit personal information from anyone under the age of 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify the users via in site notification within 3 business days.
- We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- We may also send you additional information related to your product and/or service.
To be in accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time users would like to unsubscribe from receiving future emails, they can follow the instructions at the bottom of each email and we will promptly remove them from ALL correspondence.