The European Union is introducing a new data protection regulation the 25th of May 2018. KT Design studio protects your security, privacy and copyrights. The data you add is used to host your website.
KT Design studio complies with the following basic principles:
- No personal data are collected or processed without a legal basis;
- Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject;
- Personal data must not be processed in a manner that is incompatible with these purposes;
- Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- The personal data collected must not be processed if they are too old to be relevant for the initial purposes;
- Personal data shall be correct and kept up to date;
- Personal data must not be stored for longer than is necessary;
- Personal data shall be protected, including against unauthorised or unlawful processing and against loss, destruction or damage.
- Basic principles and rights
- Principles for the processing of personal data
- The data subject’s rights
- Organisational security measures
- Technical security measures
- In case of incidents
- Special rules for children
- Risk analysis
- List of personal data and processing
- KT Design studio
- Find Creatives
- Customer relations and communication
- GDPR for our users
This document summarises KT Design studio Varna processing of personal data.
KT Design studio protects your personal privacy. We always strive for a high level of data protection and aim to comply with the rules and principles in the General Data Protection Regulation.
In this chapter, we define the roles that are of relevance for the processing of personal data.
Aktiebolaget KT Design studio Varna, Bulgaria is the controller.
KT Design studio Varna, Bulgaia
Telephone: +359 897 237 012
Any subcontractors who process personal data on behalf of KT Design studio are referred to as processors. KT Design studio monitors the processors with regard to security and confidentiality.
Supervisory authority and complaints
At KT Design studio, all decisions on the processing of personal data are made in the office in Varna. Accordingly, the Bulgarian Data Protection Authority is the competent supervisory authority.
If a data subject is of the view that errors have been made in the processing of his or her personal data, a complaint can be submitted to the Bulgarian Data Protection Authority.
Before contacting the Bulgarian Data Protection Authority, please contact KT Design studio with any complaints.
Bulgarian Data Protection Authority
Telephone: +359 897 237 012
2. Basic principles and rights
2.1. Principles for the processing of personal data
KT Design studio complies with the following basic principles:
• No personal data are collected or processed without a legal basis;
• Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject;
• Personal data may only be collected for specified, explicit and legitimate purposes, as listed in Chapter 5 below;
• Personal data must not be processed in a manner that is incompatible with these purposes;
• Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• The personal data collected must not be processed if they are too old to be relevant for the initial purposes;
• Personal data shall be correct and kept up to date;
• Personal data must not be stored for longer than is necessary;
• Personal data shall be protected, including against unauthorised or unlawful processing and against loss, destruction or damage.
2.2. The data subject’s rights
KT Design studio has procedures for personal data that are consistent with the data subject’s rights:
Right to information
- Information on the processing of personal data is provided both at the time of registration and when requested by the data subject;
• The data subject is informeded in case of any incidents, such as in case of a data breach;
• The information is provided to the data subject free of charge and in an accessible format.
Right to rectification
- The data subject has a right to supplement personal data that are missing or inaccurate.
Right to erasure
- The data subject may request that his or her data are erased;
Right to restriction of processing
- Restriction means that the data is marked so that in the future, they can only be processed for certain limited purposes.
- The data subject may request to have his or her personal data exported in a machine-readable format.
Right to object
- The data subject has a right to object to the processing of personal data;
• If an objection is made against direct marketing, the personal data must no longer be processed for such purposes.
- The data subject has the right to complain about an incorrect assessment. Complaints should primarily be sent to KT Design studio, but if the data subject remains unhappy with the treatment, a complaint can be submitted to the competent supervisory authority.
The general guidelines and principles form the basis for all processing of personal data. KT Design studio has implemented the following procedures for the processing of personal data:
3.1. Organisational security measures
KT Design studio strives to achieve a good level of security for personal data, including the use of the following security measures:
• Data minimisation;
• Password management;
• Monitoring and training of employees;
• Encrypted computers equipped with antivirus software;
• Images of personal data are only used if there is an agreement in place;
• All customer communication contains a footer with a link to the personal data policy;
• Anonymisation is applied when personal data are communicated internally (if possible).
3.2. Technical security measures
KT Design studio continuously strives to improve the security of the technical systems, including by using the following measures:
• Pro-active efforts to prevent data breaches;
• Two-step authentication, whenever possible;
• No open APIs;
• Development and test servers are free from personal data;
• External services and plug-ins are reviewed;
• Architects and system developers have received GDPR training.
3.4. In case of incidents
According to the data protection reform, a personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss or alteration of the processed personal data.
If a personal data breach is discovered, it is reported to the product owner or to an employee who is considered to have a good overview of the system in question. This person is then responsible for notifying the breach within 72 hours. Thereafter, the incident shall be archived and added to the archive of historic incidents in this document (Appendix 1).
3.5. Special rules for children
Children under the age of 16 are not allowed to use KT Design studio and the Data Protection Regulations concerning enhanced protection of children’s personal data is therefore not actualized.
If KT Design studio would let children under the age of 16 create an account, we would also need to obtain consent from a parent or guardian. This is considered risky and complex and would require considerable administrative work to ensure the accuracy of the certificate. For this reason, we are introducing an age limit on all of KT Design studio’s services.
4. Risk analysis
KT Design studio continuously reviews the risk of storing and processing data. The following risks are considered to be the greatest:
5. List of personal data and processing
This chapter contains a list of all personal data held by KT Design studio and the processing of such personal data.
5.1. KT Design studio
KT Design studio is an online service that can be used by people to create their own websites. The user registers at www.KT Design studio.net and creates the website directly in the web browser.
Location for storage
All text-based data added by the user is stored in KT Design studio’s database, which is located in Ireland. Images and files that are uploaded are stored on the file server that is closest to the customer. If the customer is located in the EU, the files are stored in Ireland. If the customer is located in the US, the files are uploaded there. Possible locations for file storage include the west coast of the US, the east coast of the US, Sao Paolo, Ireland, Singapore, Tokyo and Sidney. KT Design studio also uses a CDN network, which means that data is cashed (stored temporarily) for 30 days in Amazon’s cloud. The location of this temporary file cannot be specified.
As data is used continuously for the customer’s website, it will not be removed unless erased by the customer. Customers are in control of their own data and can edit most of data in the administration interface. If a customer erases his or her entire account, all information is erased (except receipts). KT Design studio caches the data in a CDN network, which means that a temporary file is stored in Amazon’s cloud. This file is always erased automatically after 30 days. This means that if a customer erases a file, it takes 30 days before it is completely erased from the CDN network.
When the user creates an account, the person accepts that KT Design studio stores and processes personal data according to the information stated below.
5.2. Find Creatives
Find Creatives is a listing service that connects creatives with end customers. Members create a profile and complete it with the amount of personal data they see fit.
Other sub-services are included in Find Creatives. These may have their own names, brands and domains. It is clearly stated in these sub-services that they belong to Find Creatives.
Both KT Design studio and Find Creatives send email messages to customers for the various reasons described below.
5.4. Customer relations and communication
KT Design studio offers support, customer care and debugging. This work is processed in several different systems. Stored data and the processing of data varies between systems, see the table below. All systems are online-based “cloud services”.
A cookie is a text file that is stored in the web browser. KT Design studio och Find Creatives use several different cookies:
6. GDPR for our users
KT Design studio is a service that can be used to private individuals and companies to create their own websites. The service can be compared to a “regular web hotel”, but with more advanced interfaces.
Just like with a regular web hotel, customers are responsible for the content on their own websites. Accordingly, it is up to the users to ensure that they comply with the data protection reform and do not store or process personal data in a manner that is inconsistent with the Regulation.
KT Design studio cannot be held liable for any incorrect processing of personal data on the customers’ websites.
7.1. Historic personal data incidents
No incidents have occurred.