Data Protection and GDPR


360 Brand Marketing LLC is deeply committed to safeguarding the privacy of our users and their clients. We remain abreast of advancements in data protection laws to ensure that you can trust the security of your personal data when using our services.

This page serves to clarify the regulations in place, how they pertain to your utilization of the 360 Brand Marketing LLC services, and the measures we've adopted to remain compliant. This content is provided for informational purposes and should not be taken as legal advice.

We advise reviewing this document alongside our Privacy Policy and recommend consulting with a specialized legal expert should you need detailed advice or further information.

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679, popularly known as the General Data Protection Regulation (EU GDPR), is an EU directive with the goal of standardizing data protection regulations throughout the EU.

The EU GDPR aims to empower individuals by granting them increased autonomy over how companies handle their data, and by enhancing the transparency around data collection and processing.

Following the conclusion of the Brexit transition, the EU GDPR was directly embedded into UK legislation. This means that businesses in the UK, and any entities governed by UK law, continue to be obligated to adhere to its guidelines through the ‘UK GDPR’. Throughout this document, both the EU GDPR and the UK GDPR will be collectively referred to as the GDPR.

Basic GDPR Concepts

Controller and Processor

The GDPR lays out distinct responsibilities depending on whether an entity is a controller or a processor of personal data.

A controller is an organization that determines the purposes and means of processing personal data. Such entities must be aware of their obligations regarding personal data. Before collecting data from customers, understanding these responsibilities is crucial.

On the other hand, a processor is an entity processing data on behalf of a controller. Processors act solely based on the controller's directives and make no independent decisions about the data.

Utilizing the services of 360 Brand Marketing LLC means you function as a controller. You have authority over the data you upload to our system and must, therefore, ensure lawful processing and appropriate retention periods.

It's imperative to comprehend your obligations as a controller and to ensure lawful transfer of personal data to 360 Brand Marketing LLC.

360 Brand Marketing LLC operates as a data processor. Through our platform, we store and process the data you provide based on your directives. Rest assured, we won’t use any personal data you upload for our own ends or without your instruction.

Legal Basis for Processing

Personal data must have a legal foundation for collection and processing, as stipulated by the GDPR.

As a processor, 360 Brand Marketing LLC relies on our clients to determine the correct legal grounds for data collection and processing. Before using our platform, you should ascertain suitable legal bases and process personal data accordingly. Changing the grounds for data collection without a legitimate reason isn't advisable. Therefore, it's crucial to select the right foundation initially.

Data Subject Access Rights

The GDPR endows data subjects (e.g., your clients) with rights regarding their personal data, including rights to access, modify, and delete their data.

360 Brand Marketing LLC has systems in place to notify you if we receive a request from a data subject. Likewise, you should inform us if such a request comes your way. You should be conversant with your duties, even regarding data held elsewhere.

Transfers of Data to the USA

Transferring personal data outside the EEA or UK requires adherence to GDPR rules. We implement Standard Contractual Clauses in our Data Processing Agreement, which all clients sign.

Data Security

At 360 Brand Marketing LLC, we prioritize data security. We've instituted protective measures to ensure data we manage remains secure. Our products undergo regular testing for vulnerabilities.

With consistent backup systems, data recovery, and integrity procedures in place, we strive to mitigate risks of data corruption or loss.

Steps 360 Brand Marketing LLC Has Taken to Ensure GDPR Compliance

We recognize the gravity of our role as a processor. To guarantee our adherence to the GDPR, we've instituted various measures and taken multiple steps, including:

Our Data Processing Agreement incorporates the Standard Contractual Clauses, offering a lawful framework for transferring personal data to us in the USA.

We utilize advanced tools aimed at detecting breaches of personal data. These tools enable us to alert our clients promptly in the event of any discrepancies.

We possess the capability to address subject access requests and rights of erasure requests. Additionally, we promptly notify you whenever a data subject lodges a request with us.

A thorough assessment and documentation of the personal data we process on your behalf have been undertaken.

We take rigorous security measures, including encrypting personal data both at rest and in transit. These initiatives are designed to provide security commensurate with the risks associated with processing your personal data.