GDPR compliance

The Ball iCompass GDPR compliance commitment

The Ball iCompass is committed to compliance with the European Union’s General Data Protection Regulation (GDPR), effective May 25, 2018. Although the law governs our relationship with only our European users, our response to it includes changes to our policies effective for all users of our services and visitors to our site. Laihona has made the GDPR a priority and we are fully aligned with the regulation’s intended result: the protection of user privacy and personal data.

What we’re doing to ensure GDPR compliance

The Ball iCompass has dedicated significant resources to reviewing our existing processes, agreements with third-party vendors, and IT security policies for GDPR. Below are examples of company-wide initiatives LiaFona has undertaken in order to abide by the new regulation:

  1. We maintain records of processing activities of all types of personal information the company holds.

  2. We updated our privacy policy to outline all processes related to personal data.

  3. Privacy policy now includes a lawful basis to explain why the company needs to process personal information and is written in clear and understandable terms.

  4. When processing personal data, we follow the security and privacy measures required under GDPR.

  5. The Ball iCompass staff who access and process personal data have been trained in handling data and maintaining the confidentiality and security of that data.

  6. Only essential staff access and process customer data, and only when necessary to provide services.

  7. We hold our vendors who handle personal data to the same data management, security, and privacy practices to which we hold ourselves.

  8. When we update your privacy policy, we inform existing customers.

  9. In the event of a personal data breach involving personal data, we will promptly notify regulators and end users involved.

  10. We regularly review policies for changes, effectiveness, changes in the handling of data as required by the GDPR.

  11. We only transfer data outside of the EU to countries that offer an appropriate level of protection.
     

GDPR Q&A

Does The Ball iCompass process customer personal data?
Yes. The Ball iCompass processes customer personal data only as needed to provide products, services, and customer support as identified in our Privacy Policy.

The Ball iCompass does not collect personally identifiable information (PII) for marketing purposes without customers’ consent, and customers may revoke consent at any time by following Unsubscribe link included in every email (LiaFona’s marketing includes an email campaign and an email newsletter.) Furthermore, LiaFona has never sold PII to third parties and is committed to continuing this as a core business practice.

What data does The Ball iCompass process?
The Ball iCompass AI algorithm uses user journal data to deliver personalized scripture. Processed journal data has no identifiable user PII. IP addresses may also be gathered in server logs but are not matched to other PII.


Where does The Ball iCompass process and store data?
The Ball iCompass processes customer data on Amazon Web Services (AWS) servers located exclusively in the US. Our third-party data center meets security regulations and standards with industry-leading physical and environmental controls. Our applications benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.

Third-Party Subprocessors 
The Ball iCompass uses some cloud-based applications as a part of its infrastructure. Customer data may be stored in these applications at various times. Information on third-party subprocessors are listed in the The Ball iCompass privacy policy.


More Resources

GDPR Resources