Breach Notification
eSG will notify its clients and the public of any breach of services, even if no personal information of its clients has been compromised. Our system is ready to make this information publicly available immediately after the breach has been identified. Our procedures include direct communication with all of our clients, even if they are not affected, as well as a public statement on our web site. We reserve the right to delay releasing the technical details of how the breach was instigated for up to 28 days after the breach. If the attack vector is affecting or will affect our client infrastructure or software, we will provide assistance immediately to mitigate the issue.
Right to Access
We will inform any inquiring customer how, where and why we store information regarding his or her account and services in our infrastructure. The information will be provided to the customer in human-readable form as well as in machine-readable formats at his or her request. The customer will first have to completely validate his or her personal information using our Members Area and direct contact over a phone call. The request can be made at any time using a ticket to our support department, and it will take approximately 72 hours. Please note that we will not provide hashes of users' passwords or authentication session keys in our systems for this or any other request.
Right to be Forgotten (aka Data Erasure)
eSG will completely remove a customer's personal data from our systems on request, according to Article 17.
Data Portability
eSG will provide the customer with his or her personal information as well as his or her services data in a commonly used and machine-readable format so that he or she can transfer to another service. This process will include database user names and hashes, including the session state in those at the time of export. It will not include the user's authentication hash or session keys.
Privacy by Design
According to Article 23, we preserve and handle customer personal information only when absolutely needed. We have implemented any known appropriate technical and organisational measures, in the best way known to us, to meet the requirements of the GDPR and protect the rights of our customers.
Client Employee Identification
Since 2018/01/01 we have removed from our systems all personally identifiable information for employees of our clients. In order to safeguard their personal information, we have completely removed all identifiable tokens, including phone numbers, emails, addresses etc. Since 2018/01/01 we only allow a client to contact us through their official account and sub-accounts created by the client's IT department in our system.
Non EU Member Clients
- eSG will offer the same exact services and protection to UK customers regardless of BREXIT conditions.
- Australia, Canada, Japan, New Zealand, United States
- eSG will offer the same exact services and protection to these countries.
GDPR Regulation (EU) 2016/679 (PDF)