PeopleGoal's Commitment to GDPR Compliance

The European Union (EU) is enforcing a new data protection policy called the General Data Protection Requlation (GDPR). The new regulation will come into effect on May 25, 2018. PeopleGoal's GDPR commitment is fully compliant with the new regulation as of the enforcement date (May 25, 2018). The GDPR regulation is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found on the EU's GDPR website.

Who does the GDPR apply to?

The GDPR regulation applies to all organizations within the European Union (EU) and any organizations located outside of the EU in the case that they offer goods and services or monitor the behaviour of EU persons. Specifically, it applies to all companies processing and holding personal data of persons ("data subjects") residing in the EU.

How has PeopleGoal's GDPR commitment been created?

We've been actively working to achieve PeopleGoal's GDPR compliance for all our EU customers. Specifically PeopleGoal has:

• Documented the use of personal data in our system
• Introduced a new privacy policy that reflects our obligation towards our customers and users under the GDPR regulation
• Implemented processes to address the sub-processors' requirements under the GDPR regulation
• Made technical changes in our platform to support the enhanced data subjects' rights under the GDPR regulation

How does PeopleGoal demonstrate compliance with the GDPR?

PeopleGoal's GDPR readiness has been evaluated and we've made the necessary enhancements to our processes to ensure full compliance.

What is classified as personal data under the GDPR regulation?

Any information related to a data subject that can be used to directly or indirectly identify the person. For example:

• Name
• Email address
• Social network identity
• Bank details
• Medical records

What personal data does PeopleGoal collect from its users?

When you complete our sign-up form we collect some personal information such as name, email and phone number. For example, to create a trial account we ask only for a name, email and password.

More details about the information we collect and how we use that information is available in our Privacy Policy.

Does PeopleGoal have a Data Processing Addendum in place?

Yes, PeopleGoal has a DPA in place, because in some cases we are processors and not controllers of the data. If you require further details please reach out to us via email at contact@peoplegoal.com.

Does PeopleGoal maintain the E.U.-U.S. Privacy Shield Framework certification?

PeopleGoal has acquired its E.U.-U.S. Privacy Shield Framework certification.

What if I have further questions about the GDPR?

For more information about the GDPR please contact us at contact@peoplegoal.com or visit https://www.eugdpr.org/. Or view our PeopleGoal's GDPR compliance policy.