GDPR

Rampard Systems Inc GDPR Regulations

1) LAWFUL, FAIR AND TRANSPARENT PROCESSING

Rampard Systems, Inc. (“Rampard” or “company” hereadter) processes limited personal data on
behalf of its clients and does so in in a lawful, fair and transparent manner. Our data collection is
only used for legitimate business purposes, i.e.: since we are the webcasting provider, we provide
our clients (Direct Rampard Systems’ clients – “clients” hereafter) with event pages that at times
require; and other times provide optional online registration to watch/listen of our clients’ online live
and/or on-demand streams. Data collected for most events is standard business information, i.e.: full
name, company and email address, plus business phone number. The only private information is
online viewers’ (people who come to Rampard hosted web pages on which clients events reside –
“viewers” hereafter) names, and at times other pieces of data requested to be collected by our
clients. Rampard Systems, Inc. never collects any personal or business payment information, as
Rampard Systems, Inc. utilizes QuickBooks payment processors and all the invoices are processed
directly by Intuit QuickBooks Inc. – Their GDPR policies can be found here: https://quickbooks.intuit.com/uk/gdpr/ .
Rampard online webcast registration and data collection mechanisms use session cookies, and
therefore nothing is stored on end users’ machines. The registration has a login option for returning
users. All data is stored in databases of third party hosting server provider DailyRazor Inc.
DailyRazor does not use or have access to any of data collected by Rampard Systems, Inc.

2) LIMITATION OF PURPOSE, DATA AND STORAGE

Rampard limits the processing, collection and retention of only that data which is necessary, and not
keep personal data once the processing purpose is completed.
Rampard forbids processing of personal data outside the legitimate purpose for which the personal
data was collected.
Rampard collects only that data which is requested by Rampard’s clients, and clients are
responsible for data collection explanation and justification.
Rampard ensures that personal data is deleted once the legitimate purpose for which it was
collected is fulfilled.

3) DATA SUBJECT RIGHTS

Rampard understands that data subjects or viewers have the right to ask Rampard what information
it has about them, and what Rampard does with this information. In addition, a data subject/viewer
has the right to ask for correction, object to processing, lodge a complaint, or even ask for the
deletion or transfer of his or her personal data.

4) CONSENT

Rampard does not process personal data beyond the legitimate purpose for which that data was
collected. If Rampards’ clients intend to do so, they are the subject of the same GDPR laws and
regulations, and Rampard is not liable for clients’ actions. Rampard understands that in those cases,
clients must obtain clear and explicit consent from viewers. Once collected, this consent must be
documented, and the data subject is allowed to withdraw his consent at any moment.
Rampard never processes children’s data, and understands that GDPR requires explicit consent of
the parents (or guardian) if the child’s age is under 16.

5) PERSONAL DATA BREACHES

Rampard maintains a Personal Data Breach Register and, based on severity, the regulator and
viewer should be informed within 72 hours of identifying the breach. Rampard has never had any
personal data breach, therefore that PDBR has no entries.

6) PRIVACY BY DESIGN

Rampard incorporates technical mechanisms to protect personal data in the design of new systems
and processes; that is, privacy and protection aspects are ensured by default.

7) DATA PROTECTION IMPACT ASSESSMENT

Rampard has had no need for Data Protection Impact Assessment as there have been no changes
to the processing of data.

8) DATA TRANSFERS

Rampard makes every professionally reasonable effort to ensure that personal data is protected and
GDPR requirements respected, even if processing is being done by a third party.

9) DATA PROTECTION OFFICER

Rampard does not process significant amounts of personal data therefore there is no need for Data
Protection Officer. Currently, all employees ensure that Rampard GDPR guidelines are followed.

10) AWARENESS AND TRAINING

Rampard creates awareness among its employees about key GDPR requirements, and ensures that
that employees remain aware of their responsibilities with regard to the protection of personal data
and identification of personal data breaches as soon as possible.