GDPR

What is GDPR?

The General Data Protection Regulation (“GDPR”; effective May 25, 2018) is a set of laws adopted by the European Union (“EU”) to define and safeguard against online violation of the data protection and privacy rights of individuals within the EU, as well as to ensure better control over the digital footprint of one’s personal data.

Our commitment

The mldatahouse team is fully committed to the principles of the GDPR. Our legal and policy experts have closely analysed the requirements of the GDPR and continue to monitor new guidance on best practices for implementing the requirements of the GDPR. We have taken these GDPR principles to heart and made changes to our products, contracts, and policies to ensure that we are fully aligned with the GDPR. mldatahouse services are aligned with the GDPR as of May 25, 2018.

Does this affect me?

The GDPR regulation applies to any EU residents' data, regardless of where the processor or controller is located. This means that if you’re using mldatahouse from the U.S. to reach out to other U.S. corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it.

In practice, most companies need to take the GDPR into consideration.

What is our legal basis for processing data?

The data we process has been made 'manifestly public' (GDPR Article 9.2(e)) by the data subject. We only crawl and index publicly available email addresses and phone numbers, such as those that are accessible from websites and social media. mldatahouse has a 'legitimate interest' (GDPR Article 6.1(f)) in empowering professionals to connect with relevant individuals.

How mldatahouse is complying with the GDPR

Even though the GDPR only applies to data from EU residents, we took the decision to apply the requirements of the regulation broadly. This means that except in some rare cases, we don’t restrict any privacy-related feature based on the geographical location of a data subject.

Security

We’re taking the security of the data we manage very seriously. Our entire cluster is systematically situated behind firewalls and protection mechanisms. Double authentication is required for any staff connection.

We’ve also subscribed to several third-party services that provide us with a Web Application Firewall (WAF) and systematic blockage of potential threats.

Our processing is done exclusively in the EU

We store and process all our data exclusively in the EU. We even store our off-site backups within the EU.

Log retention

To improve, debug or prevent fraud on mldatahouse services, we keep a variety of logs. We now make sure logs are destroyed within 4 months of their collection date, and we never use those logs of anything other than monitoring and debugging.

Data portability

The GDPR gives any user the right to download any data that they provide to a particular service. This allows for easier migration to other services.

We think this is a great idea and mldatahouse has always made it possible for user to download their data.

Systematic pseudonymisation of non-public data

Our applications heavily pseudonymize data to ensure the privacy of data subjects. Any attributes that don’t need to remain in their original form are truncated to remove any possibility that they may be linked back to a specific data subject.

Your Rights Regarding Your Personal Information

We respect your privacy rights no matter where you are from and therefore you may contact us at any time and we shall work diligently to respect your choices and requests regarding your Personal Information. The purpose of the list stipulated below is to allow Users and Contacts to exercise their rights under applicable privacy and data protection regulations:

• Right of Access: You may request access to your personal information and obtain a copy of your personal information which is being processed by mldatahouse. Such requests are made by contacting our Privacy Team (privacy@mldatahouse.com).
• Right of Rectification: You may request to change, update or complete any missing data we process about you, by contacting our Privacy Team (privacy@mldatahouse.com).
• Right of Erasure: You may request the removal of any data in our index by contacting our Privacy Team (privacy@mldatahouse.com).
• Right of Restriction of Processing: You may request that we restrict processing your personal information. To make such a request, please contact our Privacy Team (privacy@mldatahouse.com).
• Right to Data Portability: You have the right to receive personal information in a structured, commonly used and machine-readable format. Contact our Privacy Team (privacy@mldatahouse.com) for such requests.
• Right to object to processing Data: You have the right to object to the processing your data by contacting our Privacy Team (privacy@mldatahouse.com).

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

If you are not satisfied with our response or believe we are not processing your Personal Information in accordance with the laws, you can complain to the applicable data protection authority.

Retention

Personal Information will be retained by mldatahouse for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. You may request deletion of your personal data as specified above. However, please be aware: If your information is fully deleted from the mldatahouse Database, it may be obtained again in the future if it is collected through public platforms or our business partners.

We recommend you to periodically check your profile or the Services to ensure that your then-existed profile or account includes only the Information you chose to have displayed.

Legal Basis for Processing

The biggest myth about the GDPR is that consent is the ONLY way to lawfully process personal information concerning EU data subjects. While consent is one basis for lawful processing, it is not the only one. mldatahouse’s lawful basis for processing is its legitimate interest in providing its services to its users.

The Categories of Recipients of the Personal Data

In order to provide our service, mldatahouse may share certain personal data with companies and individuals that subscribe to our service. We may also share personal data with the following recipients:

• Our subsidiaries
• Subcontractors and other third-party service providers (e.g., payment processors, advertisers and marketers, hosting services, etc.)
• Auditors or advisers of our business processes
• Any potential purchasers or investors in mldatahouse

Additional Security

Data protection in the cloud

Our services run on Amazon Web Services (AWS), a provider with the highest levels of security. The physical safety of datacentres is guaranteed by 24/7 surveillance teams while state-of-the-art software security techniques protect your data from unwanted access. AWS infrastructure is highly resilient, constantly available and thoroughly monitored. It satisfies many global security standards including ISO27001, SOC, PCI, and FedRAMP.

Data Encryption

mldatahouse systematically uses HTTPS on mldatahouse.com and any of our subdomains. Any connection in HTTP gets redirected to its HTTPS counterpart. We also use the Key Management Service (KMS) through AWS, which employs industry best practices to ensure the safety of the keys used to encrypt your data. The bottom line is that you can be sure of your information's safety.

Credit Card Information

mldatahouse does not store any card information that can compromise your security. Stripe - the provider who handles all your card details - is PCI Service Provider Level 1 Certified, the highest security standard available in the payments industry.

Firewall

We have implemented a Web Application Firewall to prevent unwanted intrusions from incoming requests. We also have a server firewall to prevent access from non-approved IPs.

Password Hashing

We don't store passwords - we don't even see them. We store a cryptographic hash.

Contact

If you have any additional questions on our privacy practices, please feel free to address us at privacy@mldatahouse.com.

In addition, individuals from the EU may contact our EU representative regarding all requests related to data protection and privacy:

I 10-4 Islamabad Pakistan
Email: info@mldatahouse.com