LexBlog collects personal data from data subjects located in the European Union, including customers, vendors, and readers. Certain of this data may constitute protected “personal data” as that term is defined in the E.U. General Data Protection Regulation (“GDPR”).
The following disclosures concerning the LexBlog’s compliance with GDPR are presented for informational and compliance purposes only. Nothing in these disclosures constitutes a representation that any particular data or service is governed or subject to GDPR, nor do these disclosures represent or constitute any contract or undertaking with any customer, vendor or reader.
Effective Date of GDPR
GDPR is set to take effect on May 25, 2018. On and after that date, LexBlog will comply with GDPR to the extent applicable.
Utilization of Data
Bases for the Processing of Data
In some cases, LexBlog requires this data because of the contract between you and us. In addition, LexBlog has a legitimate interest in disseminating its content to interested parties. This requires, for example, communicating blog content through channels, including email, to readers who previously have indicated an interest in receiving such content.
Recipients of Personal Data
Recipients of personal data may include vendors, subprocessors (such as MailChimp) and customers of LexBlog. All LexBlog employees who receive or review personal data have received training concerning maintaining the confidentiality of such data and committed themselves to confidentiality. Where appropriate, LexBlog will enter into written agreements governing the processing and confidentiality of personal data by third parties. In certain cases, LexBlog may transfer personal data to countries without a favorable adequacy decision by the EU Commission charged with such adequacy decisions, in which case LexBlog will institute appropriate and suitable safeguards, including but not limited to execution of the Model Clauses available here.
Storage of Data
LexBlog will retain data only so long as is necessary. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Your Rights Under GDPR
If the GDPR applies to retention of your personal data, you have several rights including (i) the right to request access, rectification or erasure of your data, (ii) the right to lodge a complaint with the appropriate European Union supervisory authority, and (iii) to the extent processing of data is based on consent, you have the right to withdraw your consent at any time. A list of supervisory authorities is available here.