The General Data Protection Regulation (GDPR) is an EU Regulation, related to protection of personal data that took effect on the 25th of May 2018. The goal of GDPR is to protect the rights of data subjects who are in the EU, within data privacy and to ensure transparency, security, and accountability by Data Controllers and Data Processors. Simply speaking, it will give data subjects who are in the EU the right to know what, why, where, and when their data is being processed. GDPR has expanded on the eight principles of the already existing EU Data Protection Directive:
This Regulation applies to the processing of personal data of data subjects who are in the Union by a Data Controller or Data Processor not established in the Union, where the processing activities are related to:
Obtain and process information fairly.
The data must be kept for a specified, lawful purpose.
The data should be used and disclosed only for the specified purpose.
The data must be kept safe and secure.
The data must be up to date, accurate and complete.
The data must be relevant, adequate but not excessive.
The data must be retained for no longer than is necessary.
A copy of the data must be made available to the data subject, on request.
How Coly Technologies protects and processes our users’ data:
At Coly Technologies, we take data privacy very seriously. Below you will find a summary of how we process and protect your data as a Coly Technologies user and how you can always control it.
Coly Technologies assess personality and values into individual reports and/or matches you for a shared living space you are applying for/evaluating/residing in.
Users submit data to the Data Controller by Coly ME platform, usually in the form of contact information, personality and values information, device information, information about shared living space and demographic information.
The user can at any time restrict the data processing and revoke access to their data
To be able to give both the user and the Data Controller (companies or private landlords) that uses Coly ME as much value as possible from our services, Coly processes and analyses of aggregated segments of our data set to find valuable insights. These analyses are all done on anonymized data, not on personal identifiable information, as we are interested in finding broad and statistical trends and not detailed tendencies on an individual level. One finding from such analyses could, for example, be “in a shared living context with many tenants X, we see that candidates with personality traits Y are more likely to be happy and stay longer in if there are several candidates with personality traits Z in the shared living context.”
Coly will never keep any personal data longer than necessary. The normal retention period will be two (2) years.
Our application data is hosted and protected by Amazon Web Services and is stored on their servers in Germany & Ireland. Coly has a Data Processor Agreement with Amazon Web Services, and it contains the European standard contract clauses.
Our form application is hosted and protected by Typeform and stored on their servers in Spain. Coly has a Data Processor Agreement with Typeform. Data is mainly processed within the EU, but if it is processed outside the EU, the European standard contract clauses are used.
Security measures to keep our platform safe
Our customers’ security and integrity are very important to us and something we take seriously. Our systems are designed with Privacy by design and Privacy by default in mind. Access to sensitive data is restricted by strong authentication both internally at Coly Technologies and externally. When transferring and storing data we always use recommended end-to-end encryption protocols and algorithms. We continuously run tests to ensure that unauthorized access to sensitive data cannot occur.
If you have any further questions regarding how we process personal data, please contact our Data Protection Contact Person: Filip Klementsson at firstname.lastname@example.org.