To learn more about Chameleon's commitment to complying with GDPR please read this overview article.
Chameleon role in managing data
The article below describes our obligations to our customers as a Data Controller. To learn how we help our customers become GDPR compliant, and fulfill our responsibilities as a Data Processor, please read this.
Individual data rights
The GDPR provides users with fundamental rights relating to controlling their personal data.
Personal data is defined as any information relating to a person who can be directly or indirectly identified in particular by reference to that information. This can include name, email or other identifiers.
Chameleon upholds these rights for all our customers and you can learn more about these and how to exercise them below.
The right to be informed
Individuals need to be informed about the collection and use of their personal data in a clear and transparent way.
The right of access
Individuals can request a copy of their personal data so they can be aware of / validate its lawful processing.
The right to rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
The right to erasure (right to be forgotten)
Individuals can request the deletion of their personal data if it is no longer necessary (for the original purpose) or they no longer consent.
The right to restrict processing
Individuals can request a restriction on usage of their personal data (not erasure) if they believe it to be inaccurate or unlawfully processed.
The right to data portability
Individuals are entitled to obtain their personal data (in a commonly used format) to reuse for their own purposes across different services.
The right to object
Individuals can object to their data being processed for direct marketing or research.
Rights in relation to automated decision making and profiling
Companies can only leverage automated decision-making (without involvement of individuals) that create legal or similarly significant effects upon individuals in very limited and specific circumstances.
Chameleon does not make any automated-decisions based on personal data that cause significant effects to individuals.
Making requests around your individual rights
To make any data request related to the rights above (e.g. to request a copy, or to object, update or erasure etc.) please please email us at firstname.lastname@example.org from the email address associated with your Chameleon account.
We will respond within 30 days, the required legal time window within GDPR, but hopefully sooner.