Current as of August, 2022
Middleware provides services in the European Economic Area (“EEA”) and the United Kingdom (“UK”), and thus we are committed to compliance with data protection regulations in the EEA and UK. At Middleware, we collect, process, and transfer personal data in accordance with the General Data Protection Regulation and UK General Data Protection Regulation (collectively, “GDPR”). Middleware is here to help customers, and end users understand the GDPR and our adherence to its requirements.
Introduction to GDPR
The GDPR covers the personal data of individuals in the EEA and UK, known as data subjects, and imposes obligations on businesses that process that data to protect it and to offer data subjects rights in their personal data. Businesses that violate their obligations under the GDPR stand to incur significant financial penalties. Regulators in the EEA can issue fines of up to € 20 million or 4% of annual global turnover, whichever is higher.
GDPR Application
The GDPR applies to personal data collected from data subjects in the EU and UK
Middleware’s Compliance to GDPR
We work to protect personal data in accordance with the principles mentioned below.
We have a lawful basis to process personal data, we only process it in ways that data subjects reasonably expect, and we are open with data subjects about how and why we process their personal data.
We collect data for specified, explicit, and legitimate purposes and do not further process personal data in a manner that is incompatible with those purposes.
We ensure that the personal data we process is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Any data we hold is accurate and kept up to date.
We do not keep personal data in a form that permits the identification of data subjects for longer than is necessary for the purposes for which the personal data is processed.
Personal data is securely processed, thus protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical and organizational measures.
We have appropriate measures in place to demonstrate our compliance with the GDPR. As part of implementing the processing principles noted above, Middleware offers opportunities for data subjects to exercise the rights available to them under the GDPR, including:
Middleware Privacy Policy provides transparent notice to data subjects about how and why we process their personal data.
Middleware offers data subjects the right to obtain a copy of their personal data and the right to amend inaccuracies or rectify any errors in their personal data.
Middleware offers data subjects the right to obtain a copy of their personal data and the right to amend inaccuracies or rectify any errors in their personal data.
Data subjects have the right to request the restriction of processing of their personal data.
We provide data subjects with the right to receive personal data they have provided to us in a structured, commonly used, and machine readable format, and to transfer their personal data between data controllers.
Middleware has documented and implemented internal mechanisms to stop processing upon specific data subject requests, including for direct marketing purposes.
Frequently Asked Questions
Any information relating to an identified or identifiable natural person (data subject), such as name, address, email address, phone number, educational background, financial details, educational details, nationality, etc.
Data Controller: Determines the purposes and means of processing personal data. Data Processor: Processes personal data on behalf of the Controller. Data Subject: Natural persons in the EEA or UK. Typically, Middleware operates as a data processor for customer controllers.
The DPO is responsible for informing employees of their compliance obligations and conducting awareness training, monitoring, and audits required under GDPR. Middleware has a dedicated DPO. For any queries related to GDPR compliance, contact our DPO at security@middleware.io.
Yes, we have data breach procedures that enable us to respond quickly to and mitigate breaches and notify affected parties as necessary and within statutory timeframes.
We store personal data for as long as necessary to conduct business with or on behalf of data subjects, as needed for the purposes outlined in our Privacy Policy, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Please see the “Middleware Compliance with the GDPR” section above
The personal data we process is stored in data centers hosted by Amazon Web Services located in the US, Europe, Canada, and India.
Data transfers from the EEA and UK can be legitimized in various ways, including by execution of the Standard Contractual Clauses. We have adopted the Standard Contractual Clauses in our Data Protection Addendum (DPA).