The European Union’s General Data Protection Regulation (GDPR) is a data protection and privacy regulation which addresses the transfer of personal data both within and outside the EU and EEA areas. The objective of the GDPR is to enhance an individual’s control and rights over their personal data. RD&X is committed to comply with the laws of the geographies of its operation.
RD&X processes all personal data on a lawful basis and solely within the bounds permitted by Article 6(1)(f) of the GDPR. Accordingly, all of RD&X’s operating guidelines and standard processes are aligned with the requirements of the GDPR and are designed around the rights of the data subjects, thereby empowering data subjects to exercise control on how their information is processed.
This page provides an overview of the privacy framework implemented by RD&X to explain how RD&X conforms to the GDPR.
The General Data Protection Regulation (EU) 2016/679, popularly known by its abbreviation “GDPR”, is a European Union privacy law regulating aspects of data protection. The GDPR applies to data which is processed both within and outside the European Union. Under the GDPR, the data controller and the data processor are subject to certain legal obligations in respect of storage and use of personal data, and the data subjects enjoy certain rights in respect of how their data is treated by the data controller and the data processor.
Yes. In the course of our operations, we may process personal information of EU residents and are therefore required to comply with the GDPR in respect of such users. However, we have voluntarily decided to meet the requirements of the GDPR in respect of each of our users, irrespective of their domicile, in order to apply global best practices as a standard measure of our operations.
Yes. The GDPR requires that in order to process personal data, there has to be at least one legal basis. Under Article 6(1)(f) of the GDPR, we are permitted to process personal data for the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject.
We have designed a triad of agreements, policies, and procedures to comply with the GDPR.
We love working with partners who are as compliance-oriented as we are. At the outset of a relationship, we encourage the identification of the roles (as a data controller, a data processor, or both) that each of us needs to observe. Based on this assessment, we enter into relevant contracts which clearly establish the commitments by each of us to comply with the GDPR.
Certainly! We have designated a data protection officer, who is mandated to enact our commitments to data protection. You could reach out to our data protection officer on firstname.lastname@example.org with any questions, comments or feedback that you may like to share.
Recognized as a Processor (where applicable) by the classifications of GDPR, ReBid cooperates with its respective partners in order to determine the way data is handled under the agreed terms.
We have assigned Data Protection Officer (DPO). You may reach him via email@example.com Our DPO is tasked with ensuring that ReBid acknowledges and abides its data protection responsibilities.
Whereas GDPR regulations are merely applied to data gathered from European Union residents, we have taken a decision to meet the GDPR requirements globally for every user in every country
ReBid will gather and not store any Personal information. Personal information will be pseudonymized and encrypted to ensure the user’s privacy. The collected information will be handled for standard cases of advertising use: campaign targeting; campaign operations; brand measurement; performance attribution and optimization on the Rebid Platform.
We have provided instructions in the policy manual for the users to access their personal information collected by ReBid; discontinue the future data gathering by Rebid; delete personal information collected by Rebid; opt for not passing that personal information by Rebid; opt for not processing that personal data by Rebid.
ReBid will manage a list of all sub-processors on a dedicated website page, available to those who have the password.
The same way as with requests for data information, data subjects will be provided with instructions posted on the rebid.co website as to the rights and the ways of exercising these rights. The rights imply that they can make the below queries, which will be observed within a 30-day period from the initial request:
The possibility to remove personal information of such a user from the storage of ReBid in order to maintain his/her privacy rights.
A way to specify that personal information of such a user will not be kept in the ReBid storage in order to maintain his/her privacy rights.
A way to specify that personal information of such a user will not be processed by ReBid in order to maintain his/her privacy rights.