Privacy Policy

PROCESSING UNDER THE PURVIEW OF EU GDPR

We are committed to respecting your rights as a data subject if the processing of your personal data falls under the purview of European Union General Data Protection Regulations (EU GDPR). In such instance, please take note of the following:

  • Data portability, restricting data processing, data erasure: if you would like to request that we provide a copy of your information to you or restrict processing of your information or erase it, please contact our Data Protection Officer.
  • Complaints to supervisory authority: You have the right to lodge a complaint with a supervisory authority of the European Union or European Economic Area according to that authority’s rules and procedures.
LEGAL JUSTIFICATIONS FOR THE PROCESSING PERSONAL DATA

We generally use the following legal justifications for processing personal data: (1) Given consent to the processing (Art. 6(1)(a) GDPR; “Consent Justification”), (2) processing is necessary to (a) fulfil a contract signed by you (Art. 6(1)(b) GDPR; “Contract Justification”), (b) compliance with a legal obligation (Art. 6(1)(c) GDPR; “Legal Obligation Justification”), and (c) realizing a legitimate interest (Art. 6(1)(f) GDPR; “Legitimate Interest Justification”).

CROSS BORDER DATA TRANSFERS

Personal data that is subject to the European Data Protection Regulation will normally be stored on servers within the Europe Union. Unless for business-related needs, we generally do not transfer your personal data to jurisdictions outside the European Union.

However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the applicable personal data protection laws and regulations.

By introducing appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Art. 46(5) GDPR, we have ensured that all recipients located outside the EEA will provide an adequate level of data protection for personal data and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

U-Reg internal employees may be located outside the European Union and may access personal data stored on European Servers for their daily business operations. If U-Reg employees process data outside of the European Union, they will do so only with internal authorized IT equipment that strictly meets all internally defined protection and security requirements. All U-Reg employees undergo the necessary awareness training to comply with data protection obligations and ensure secure data processing.

DATA SUBJECT RIGHTS

Under the GDPR, individuals can exercise following:

the right of access
the right to rectification
the right to erasure
the right to restrict processing
the right to data portability
the right to object to processing
the rights in relation to automated decision making and profiling

Please contact our Data Protection Officer for requesting data subject rights.