- Organizations located within the EU
- Organizations located outside of the EU if they offer goods or services to (even for free), or monitor the behavior of, EU residents
If you offer your goods or services to or monitor the behavior of any EU residents, then you must comply with GDPR.
Under GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”), such as name, email, location, IP address, or online behavior. You can find more detailed information about the “personal data” here.
Personal data processing is a broadly defined term under the GDPR. It covers any operations performed on personal data with no limitation such as deleting, collecting, storing, and transferring the personal data.
GDPR lets individuals to decide what happens to their personal data. Individuals may ask your company to:
- Access, update or correct errors on their personal data
- Delete their own personal data
- Raise an objection to processing
- Restrict the personal data processing
- Obtain the personal data in a structured, commonly used and machine-readable format and transmit the data to a third party
- Withdraw the consents of the personal data processing
- Lodge a complaint to a supervisory data protection authority
Data controllers determine the purposes and conditions of the processing personal data. Data processors processes personal data on behalf of the data controllers.
You are obligated to provide privacy notices to individuals who engage with your brands detailing how you collect and use information etc., and obtain consents if needed. If the individuals want to know what data you process or they do not want your business, you must send a notice in a reasonable time frame.
RMC is a data processor of your consumer data and you are the data controller.
RMC acts as a data processor for the personal data that company sends as a part of our service agreement. RMC only processes the personal data in accordance with your company’s permission and instructions.
Currently, RMC has an active GDPR program. Many areas of GDPR requirements have been addressed and added to our product roadmap. RMC is committed to compliance with the General Data Protection regulation.
Every organization must determine the GDPR status by themselves. RMC cannot provide a direct guidance or make assertions about your GDPR compliance.
GDPR requires the data controllers to sign an agreement with anyone who handles the data. Data processing agreement is an agreement between RMC and the customers. The agreement clarifies rights and obligations of both parties under the GDPR.
Yes, we are working on our DPA available, and it will be published soon on our webpage so that our customers can be confident that their data is processed in compliance with the General Data Protection Regulation.
Yes, the complete list of current sub-processors are published on our website.
Address: Yeşilce Mahallesi Yunus Emre Caddesi Doğruer Plaza No: 4 Zemin Kat 4. Levent Istanbul/Turkey