On the 25 May 2018 a new EU regulation came into force to strengthen the protection of personal data for individuals. It's broadly known as GDPR (General Data Protection Regulation). As pretty much everyone is affected by it, you have probably already seen a fair bit of information about it. Here at twiends we welcome this positive move towards further protecting user data and privacy. We have made considerable effort to ensure that we are compliant with GDPR, and we want to outline the steps we have taken here.
We have conducted a detailed analysis of our processing of personal data and have determined legitimate interests to be our lawful basis for doing so. In the interests of transparency we have published the full legitimate interests assessments we carried out.
We recognise that we could use consent for some categories of personal data but we feel that legitimate interests are better suited to what we do. We take great care to protect and balance the rights of the individual with our own legitimate interests to process their data, and as such we feel very comfortable using this as our lawful basis.
Our privacy policy has been updated with the new information required by this regulation. This includes information on the personal data we process and the lawful basis for doing so.
As part of determining the lawful basis under which we process personal data, LIA's were conducted to assess the legitimate interests we have in doing so. We have decided to publish these internal assessments in the interests of transparency.
A new privacy notice has been added to the site which quickly summarises the main aspects of how we process personal data.
We have improved the delete option on the settings page to make it clear what personal data is automatically deleted through this process.
We now provide prominent privacy information and links to our privacy policy whenever we collect personal data. We also send a summary of this privacy info in the first email we send to a user.