GDPR FAQ
The GDPR is the European Union’s new, comprehensive privacy and data protection law that will take effect on May 25, 2018. The primary aim of the GDPR is to regulate how the personal data of EU residents is processed – even by businesses that have no physical or legal presence in the EU. Organizations can face hefty fines for non-compliance: up to €20 million or 4 percent of annual global revenue, whichever is higher.
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data
Data Processor - the entity that processes data on behalf of the Data Controller
Data Subject - a natural person whose personal data is processed by a controller or processor
In this case, ‘TSQ media’ is the Data Controller. ‘ Conserve Matrimony’ is the Data Processor. The end-user at Conserve Matrimony is the Data subject.
Conserve Matrimony is currently working on updating its data protection policies and continuing to review its security measures, as we always do, to stay at the forefront of evolving industry standards and best practices.
Conserve matrimony is also taking a ‘data protection by design and default’ approach - putting appropriate data protection measures in place throughout the entire lifecycle of our processing operations.
Our contractual commitments guarantee that we can:
GDPR empowers data subjects with certain rights. Through these rights, data subjects can make a specific request and be assured that personal data is not being misused for purposes other than the legitimate purpose for which it was originally provided. Let us understand the different rights requests that a data subject can make as a customer, as an employee, and as personnel of a supplier.
This right provides the data subject with the ability to ask a company for information about what personal data (about him or her) is being processed and the rationale for such processing. For example, a customer may ask for the list of processors with whom his or her personal data is shared.
This right provides the data subject with the ability to get access to his or her personal data that is being processed. This request provides the right for data subjects to see or view their own personal data, as well as to request copies of the personal data.
This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.
This right provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for a purpose. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier.
This right provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
This right provides the data subject with the ability to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not consider the unique situation of the customer.
Also known as right to erasure, this right provides the data subject with the ability to ask for the deletion of their data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.
This right provides the data subject with the ability to ask for transfer of his or her personal data. As part of such request, the data subject may ask for his or her personal data to be provided back (to him or her) or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.
A rights request can be made by the data subject or their legal representative. Such individuals could be a customer, an employee, or personnel of a supplier working for the company. Also, such request should usually be made in writing.
The General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over uses of their personal information.
At this point, you may be asking how Conserve Matrimony aligns with the privacy rights and where you can learn more about our support to GDPR compliance
Ensure transparent communication with data subjects regarding the processing of their personal data.
Ensure data subjects are notified of their rights under the GDPR.
Conserve Matrimony’s Terms & Conditions Agreement, Privacy Policy and Cookie Policy provide a transparent notice to inform its data subjects along with this GDPR FAQ to create awareness on the regulation and data subject rights.
A data controller is exempt from these obligations if it cannot identify which personal data in its possession relates to the relevant data subject (i.e., if personal data is anonymized and cannot be re-identified).
Allow data subjects to require a data controller to rectify any errors in their personal data.
Conserve Matrimony administrators and data subjects have access to their profiles to amend inaccuracies.
Provision of this right to a data subject should not adversely affect an organization’s intellectual property (i.e., giving access to a data subject should not require disclosure of trade secrets).
Provide data subjects with the right to delete their personal data if the continued processing is not justified.
For example, you may need to delete your customer’s personal data to comply with your GDPR obligations.
Conserve Matrimony provides data subjects with the option to deactivate their accounts and request Conserve Matrimony administrators to depersonalize their data.
A company is not required to delete data, except when one of the following reasons is present:
Provide data subjects the right to limit the purposes for which the data controller can process personal data.
Conserve Matrimony has documented and implemented internal mechanisms for limiting the processing of personal data to only certain specified uses relating to Conserve Matrimony products and services. Functionality is currently available to suspend/unsuspend data subjects.
Conserve Matrimony can also export and retain data while processing has ceased.
The requirement to restrict processing generally applies under the same circumstances as the right to be forgotten and/or when the following circumstances exist:
Provide data subjects with the right to transfer their personal data between data controllers.
Conserve Matrimony has developed and implemented mechanisms to enable its data subjects to export profile data.
Inferred and derived personal data (e.g., a message response rate, personality test report) are not included because they are not “provided by the data subject.”
Data controllers are not obligated to retain personal data simply for the purposes of providing a copy of the personal data pursuant to a potential data subject request.
Provide data subjects with the right to Cease processing personal data based upon specific data subject requests
Conserve Matrimony has documented and implemented internal mechanisms to:
Data controller must cease processing upon request unless:
© 2025 Conserve Matrimony. All Rights Reserved.