Effective May 25, 2018, the General Data Protection Regulation (GDPR) is a significant change to European Union (EU) privacy law. The regulation prioritizes an individual’s right to control their personal information. It imposes new rules on companies, government agencies, non-profits, and other organizations outside the European Union that process personal data related to the offering of goods and services to people in the European Union (EU), or that monitor the behavior of EU citizens within the European Union.
GEOTREAD is committed to compliance with the GDPR by providing privacy protection to all our customers.
How GDPR applies to GEOTREAD
GEOTREAD is both a controller and processor of personal information, and that information is stored in the United States. We control the personal information of those with whom we directly interact. We are a processor of personal information for other controller organizations (i.e., our customers) who have entrusted us with processing personal information that they control. Examples of this are QGIS, ESRI ArcGIS, ESRI Online, GeoServer, Biarri Networksengineering services, the VETRO Platform data that is uploaded as part of the customer organization project management and or project deliverable.
The GDPR details six legal bases that allow controllers (like GEOTREAD) to process personal information. They are: contractual necessity, legal obligation, vital interests, public interest, legitimate interest, and consent. Most of the work we do with customers is classified as contractual necessity or legitimate interest. In other cases (e.g., web browsing tracking, marketing), we obtain direct consent before collecting any personal information.
