Prior to building the system, BASIS ID had reviewed all the aspects of the Personal Data Protection Act (PDPA) that it, as a data processor, has to fulfil. Below is the description of what BASIS ID has enforced in view of the PDPA:
In addition to gaining permission from the customers to collect, use and store data, BASIS ID’s clients are expected to specify to their customers that BASIS ID is the appointed data processing intermediary platform for them. This is to reaffirm that consent has been granted to BASIS ID in the process.
Furthermore, BASIS ID has explicitly made it clear to the customers that they can withdraw their consent at any time. There are currently two options for the customers to withdraw their consent. They can either request to withdraw by contacting the support team or simply click on a button which will delete their data instantly. Upon withdrawal of consent, all of that customer’s data will be deleted, unless we are legally bound to keep it in order to fulfill certain lawful requirements.
- Notification and Purpose
Prior to obtaining permission from the customers to collect, use and store data, BASIS ID notifies the user of the purposes for which the data will be used. In addition, BASIS ID has implemented strict policies and procedures to ensure that data will be used for the specified purposes only. These policies and procedures are applicable to every single employee of BASIS ID and other third-party partners, if there are any.
- Access and Correction
It is BASIS ID’s policy to fulfill the customers’ requests for information on how their personal data has been used. BASIS ID’s support agents are instructed to respond to such requests and provide the necessary information.
If the support agents are unable to make the necessary corrections on behalf of the customers, the support agents are expected to guide them in the process of making corrections.
BASIS ID’s CRM was designed with convenience and security in mind. Here are some of the unique characteristics that BASIS ID’s CRM possesses to reinforce its security:
- All information is encrypted and recorded in a private blockchain.
- Customers’ passwords cannot be changed and can only be reset. The passwords are generated with a random combination of unsystematic letters, numbers and special symbols.
- The users have the ability to control who can access their data. They can instantly grant or revoke specific companies' access to their data and even determine which aspects of their data will be shown to these companies.
- Retention Limitation
BASIS ID’s usual practice is to store data that were collected via BASIS ID’s APIs that are integrated into the Client’s website for 2 years after the contract with the Client has ended. During the period of storage, the data may be used for reviewing purposes (e.g. assessing the performance and quality). After 2 years from the end of the contract, all data that were collected via the Client’s website will be deleted. We will inform the Client when the data is deleted.
BASIS ID is aware that different countries have different data privacy requirements. In order to meet the different regulations, BASIS ID has categorized the customers based on their citizenship so that it will be easier for the staff to modify the policies and procedures for each country. However, BASIS ID still has a universal data protection standard in place and will not go below that standard should the data be transferred to another country that has less strict regulations in place.
BASIS ID has a support team which is ready and trained to respond to queries, complaints and requests. The team has a functional hotline to the Data Protection Officer and his delegates.
If you have any further questions concerning how BASIS ID fulfils the PDPA, please contact email@example.com.