The Global Data Protection Regulation (GDPR) is legislation passed by the EU (European Union) to help fortify and amalgamate data protection for all individuals within the EU, Great Britain, and a few other European countries. GDPR replaces the Data Protection Directive 95/46/EC. The goal of the regulation is to protect the Personally Identifiable Information (PII) of all EU citizens by regulating how their PII is shared, stored, and managed. It also addresses the export of PII outside of the EU. Moreover, it is designed to standardize data privacy laws across the EU with the main goal to “protect and empower all EU citizen’s data privacy and to reshape the way organizations across the region approach data privacy.” With the ever-growing threat of cybercriminals focusing their efforts on stealing PII, the GDPR is important and impactful legislation for data protection and privacy.
TokenEx complies with both the EU-U.S. Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information to and from the European Union, the United States, the member countries, and Switzerland, as applicable to each framework. TokenEx has certified to the Department of Commerce that it adheres to both the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, the Privacy Shield Principles or the U.S.-Swiss Safe Harbor Principles, as applicable, shall govern. The Federal Trade Commission has jurisdiction over TokenEx’s compliance with the EU-U.S. Privacy Shield Framework.
To learn more about the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, and to view TokenEx’s certification for both, respectively visit these pages:
The Privacy Act 1988 (Privacy Act) regulates how personal information is collected, stored, and transmitted in Austalia and Australian Capital Territory. The Privacy Act defines personal information as: information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable. Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details, and commentary or opinion about a person. In addition to the APPs, the Privacy Act also covers more specific matters that entities, including some small businesses, may be required to comply with.
The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organizations, as well as most Australian and Norfolk Island Government agencies. These are collectively referred to as “APP entities”. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.
Australian Privacy Principles — A Summary for APP Entities: Privacy Act 1988