On May 25, 2018 the European Union’s General Data Protection Regulation (GDPR) takes effect in all countries in the European Economic Area (EEA).
Norway, where Runbox is located, is part of the EEA and is implementing these regulations through its own legislation.
We welcome these new regulations as they greatly strengthen the rights of the individual to digital privacy and security, which we always have promoted and supported.
What is the GDPR?
The GDPR is a set of regulations declaring that the individual should have control over their personal data by specifying how such data may be collected, processed, and stored.
The regulations require that businesses and organizations integrate this right into their business practices through policies, procedures, and technologies that safeguard the users’ privacy.
Important principles are that personal data are processed lawfully, for legitimate purposes, and with explicit consent from the user. This means that your personal data can only be collected with your permission.
The regulation also sets forth a number of rights on the part of users of digital services:
- The right to transparency about how data is processed.
- The right to access and information about collected data.
- The right to rectify stored data.
- The right to erase data (“right to be forgotten”).
- The right to restriction of processing.
- The right to data portability.
GDPR also recognizes the term “privacy by design”, which means that privacy shall be considered in all circumstances when personal data is processed or stored. By also introducing “privacy by default”, GDPR states that appropriate measures must be implemented to ensure that personal data collected is only used for the specific purpose for which the consent is given.
How does Runbox implement the GDPR?
At Runbox we believe that the privacy and security of your data is essential, and that it’s important for you to be aware of your rights and your options when it comes to your personal data.
Runbox has therefore been working on the implementation of the GDPR throughout our organization and our services over the past three years.
The activities that implement the GDPR in Runbox can be divided into 3 main areas:
- Internal policies and procedures
- Partners and contractors
- Protection of users’ rights
The first two areas include documentation of information security management and internal policies and procedures, as well as data processing and confidentiality agreements with our partners, contractors, and staff.
The third area relates directly to you as a Runbox user, and includes the terms and policies that govern your use of our services, how we aim to inform and educate our users about privacy, and how we are implementing tools and utilities that safeguard your privacy rights.
Runbox’ main areas of GDPR implementation
Revised Terms of Service and Privacy Policy
As part of our GDPR implementation the Runbox Terms of Service and Privacy Policy have been revised:
- New Terms of Service effective 25.05.2018
- New Privacy Policy effective 25.05.2018
While the Terms of Service has only been updated with minor changes, the Privacy Policy has been restructured and amended. It provides a comprehensive overview of the policies that govern your privacy as a Runbox user, and describes in an accessible way the types of data Runbox collects in order to responsibly and reliably operate an email service.
It also lays out how user data are processed and stored, how they are being protected, and what rights you have as a user of our services.
It’s important to us that you are informed about your rights and your options with regards to your privacy. We ask that you review the revised terms and policies by May 25, 2018 when they take effect, and invite you to contact us with any questions or concerns.