General Data Protection Regulation

What is the GDPR?

The General Data Protection Regulation (GDPR) applies to all 28 member states of the European Union (EU), unlike a memo which demands member states to draft local laws to enforce its rules.

It came into effect on May 25, 2018 and it sets out to improve the rights that citizens of the EU have over their data which is collected by companies.

Before its arrival, misuse of a person's data was barely punishable. Now, gigantic fines are issued against companies which fail to comply by the regulation's standards. Companies that are found guilty of misusing data can be fined up to $22,589,800.00 (€20 million) or 4% of the company's annual turnover, in worst case scenarios.

The goal of the regulation is to give people greater power over their data and make companies more transparent in how they deal with people's data.

What data does Punch Technologies, Inc. collect and process from an EU citizen?

We have always been very cognizant of the sensitivity of some of the data that our users have stored on our platform. As such, data privacy has long been very important to us and an area we focus on and constantly discuss ways in which we can improve. PunchAlert customers upload basic contact information, including full name, phone number and email address for their employees and patrons that they want to communicate with. PunchAlert customers have complete control over the data that is uploaded and used for their entire user base. We also took that one step further by allowing the individual user to validate the data as well as update it, to include voluntarily removing it. In this way we have given both our customers and individual users the ability to control what data is used by PunchAlert for communications. Punch Technologies, Inc. does not access that data except as specifically requested by a customer, and all such data can be deleted or modified by a customer directly at any time. Upon termination or expiration of a customer relationship, all customer data is deleted within 10 days. This control over the data enables customers and individuals to directly upload, modify, and delete individual contact information as appropriate based on customer requirements.