Breach NotificationeSG will notify its clients and the public of any breach of services even in case no personal information of its clients have been compromised. Our system is ready to make this information publicly available immediately after the breach has been identified. Our procedures includes direct communication with all of our clients even if they are not affected including a public statement on our web site. We reserve the right to delay the technical details on how the breach was instigated for up to 28 days after the breach. In case the attack vector is affecting or will affect our client infrastructure or software we will provide assistance immediately to mitigate the issue.
Right to AccessWe will provide any inquiring customer of how, where and why we store information regarding his account and services in our infrastructure. The information will be provided in human readable form as well as in machine readable formats to the customer at his or her request. The customer will have first to completely validate his personal information using our Members Area and direct contact over a phone call. The request can be made using a ticket to our support department at any time and it will take approximately 72 hours. Please note that we will not be providing hashes of the users passwords or authentication session keys in our systems for this or any other request.
Right to be Forgotten (aka Data Erasure)eSG will completely remove a customer's personal data from our systems according to article 17.
Data PortabilityeSG will provide to the customer his personal information as well as his services data in a commonly used and machine readable format so that he or her can transfer those to another service. This process will include database user names and hashes including the session state in those at the time of export. It will not include the users authentication hash or sessions keys.
Privacy by DesignAccording to Article 23 we only preserve and handle customer personal information only when absolutely needed. We have implemented any known appropriate technical and organisational measures in the best way known to us to meet the requirements of the GDPR and protect the rights of our customers.