Our Commitment to Data Protection
At Eskit, we are committed to protecting the privacy and security of your personal data. We have implemented comprehensive measures to ensure compliance with the General Data Protection Regulation (GDPR), the European Union's data protection law that sets stringent standards for the collection, storage, and processing of personal information.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA and gives individuals control over their personal data.
The GDPR aims to:
- Strengthen individuals' rights regarding their personal data
- Harmonize data protection laws across EU member states
- Provide clear guidelines for businesses on handling personal data
- Enforce significant penalties for non-compliance
Our Role Under GDPR
Depending on the specific circumstances, Eskit may act as:
- Data Controller: When we collect and determine the purposes and means of processing personal data about our customers, users, and website visitors.
- Data Processor: When we process business data on behalf of our customers (including personal data that may be contained within business datasets).
We take both roles seriously and have implemented appropriate measures for each.
How We Process Personal Data
We process personal data in accordance with these GDPR principles:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner.
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
- Data minimization: We limit the personal data we collect to what is necessary for the purposes for which it is processed.
- Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
- Storage limitation: We retain personal data only for as long as necessary for the purposes for which it is processed.
- Integrity and confidentiality: We process personal data securely, protecting against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
- Accountability: We take responsibility for complying with GDPR principles and can demonstrate compliance.
Legal Basis for Processing
Under GDPR, we process personal data only when we have a legal basis to do so. The legal bases we rely on include:
- Consent: When you have given clear consent for us to process your personal data for a specific purpose.
- Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal obligation: When processing is necessary for compliance with a legal obligation.
- Legitimate interests: When processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
Your Data Subject Rights
Under GDPR, individuals have significant rights regarding their personal data. We respect and facilitate these rights, which include:
- Right to be informed: You have the right to know how we collect and use your personal data. Our Privacy Policy provides this information.
- Right of access: You have the right to request copies of your personal data that we hold.
- Right to rectification: You have the right to request that we correct any inaccurate personal data or complete any incomplete personal data that we hold about you.
- Right to erasure (right to be forgotten): You have the right to request the deletion of your personal data in certain circumstances.
- Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
- Rights related to automated decision-making and profiling: You have rights related to automated decision-making and profiling based on your personal data.
To exercise any of these rights, please contact our Data Protection Officer at gdpr@enetricity.com.
Data Protection by Design and by Default
We implement data protection by design and by default in our products and services. This means:
- We consider data protection issues from the design phase of any product, service, or process and throughout the lifecycle.
- We ensure that, by default, only personal data necessary for each specific purpose is processed.
- We implement appropriate technical and organizational measures to integrate necessary safeguards into our processing activities.
- We conduct Data Protection Impact Assessments (DPIAs) when required.
International Data Transfers
Since GDPR restricts transfers of personal data outside the European Economic Area (EEA) unless certain protections are in place, we have implemented the following measures:
- We primarily store and process data within the EEA.
- When data must be transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
- We conduct assessments of the laws and practices of recipient countries to ensure adequate protection of transferred data.
Data Breach Notification
We have procedures in place to detect, report, and investigate personal data breaches:
- We maintain records of all data breaches, regardless of severity.
- When a breach is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it.
- When a breach is likely to result in a high risk to individuals' rights and freedoms, we will also inform the affected individuals without undue delay.
Records of Processing Activities
We maintain records of our processing activities as required by GDPR, including:
- Categories of data subjects and personal data processed
- Purposes of processing
- Categories of recipients to whom personal data has been or will be disclosed
- Information about international data transfers
- Envisaged time limits for erasure of different categories of data
- Description of technical and organizational security measures
GDPR Training and Awareness
We ensure that all employees who handle personal data understand their responsibilities under GDPR:
- Regular training sessions on data protection principles and best practices
- Specific training for teams that regularly process personal data
- Updates on changes to data protection laws and regulations
- Clear policies and procedures for handling personal data
Contact Us
If you have any questions about our GDPR compliance or wish to exercise your data subject rights, please contact us at:
Email: info@enetricity.com
Phone: +32 495 26 36 36
Address: Sijslostraat 41 - 8020 Ruddervoorde - Belgium