Controller and Processor
The GDPR lays out distinct responsibilities depending on whether an entity is a controller or a processor of personal data.
A controller is an organization that determines the purposes and means of processing personal data. Such entities must be aware of their obligations regarding personal data. Before collecting data from customers, understanding these responsibilities is crucial.
On the other hand, a processor is an entity processing data on behalf of a controller. Processors act solely based on the controller's directives and make no independent decisions about the data.
Utilizing the services of 360 Brand Marketing LLC means you function as a controller. You have authority over the data you upload to our system and must, therefore, ensure lawful processing and appropriate retention periods.
It's imperative to comprehend your obligations as a controller and to ensure lawful transfer of personal data to 360 Brand Marketing LLC.
360 Brand Marketing LLC operates as a data processor. Through our platform, we store and process the data you provide based on your directives. Rest assured, we won’t use any personal data you upload for our own ends or without your instruction.
Legal Basis for Processing
Personal data must have a legal foundation for collection and processing, as stipulated by the GDPR.
As a processor, 360 Brand Marketing LLC relies on our clients to determine the correct legal grounds for data collection and processing. Before using our platform, you should ascertain suitable legal bases and process personal data accordingly. Changing the grounds for data collection without a legitimate reason isn't advisable. Therefore, it's crucial to select the right foundation initially.
Data Subject Access Rights
The GDPR endows data subjects (e.g., your clients) with rights regarding their personal data, including rights to access, modify, and delete their data.
360 Brand Marketing LLC has systems in place to notify you if we receive a request from a data subject. Likewise, you should inform us if such a request comes your way. You should be conversant with your duties, even regarding data held elsewhere.
Transfers of Data to the USA
Transferring personal data outside the EEA or UK requires adherence to GDPR rules. We implement Standard Contractual Clauses in our Data Processing Agreement, which all clients sign.
At 360 Brand Marketing LLC, we prioritize data security. We've instituted protective measures to ensure data we manage remains secure. Our products undergo regular testing for vulnerabilities.
With consistent backup systems, data recovery, and integrity procedures in place, we strive to mitigate risks of data corruption or loss.