Compliance

Last updated: 12 January 2024

We have built compliance into our management, technologies, and processes, with particular attention to your privacy.

To protect the security of customers' private information, we have consistently complied with the GDPR and obtained ISO27001 Certification in 2022.

The General Data Protection Regulation (GDPR), which harmonizes data privacy laws across Europe, took effect on May 25, 2018, and applies to all EU member states. To see how your personal information is collected, used, and shared when you visit our website, you can also refer to our Privacy Notice.

ISO27001 is an international standard for information security. It helps to ensure the information security management system (ISMS) of a company is aligned with information security best practices.

Our promise

We pay attention to protecting the personal privacy of users, and we strictly comply with GDPR requirements and process personal data in line with the following principles of GDPR:

  1. Lawfulness, fairness, and transparency

    Any data processing activities should be performed in a lawful, fair, and transparent manner.

  2. Purpose limitation

    The GDPR mandates that RAKwireless collect personal data for a specific purpose only and forbids its use for other incompatible purposes.

  3. Data minimization

    This principle requires RAKwireless to minimize the personal data being processed to only necessary data items, so the data processing should be adequate, relevant, and limited.

  4. Accuracy of data

    Data should not be incomplete, incorrect, or misleading.

  5. Storage limitation

    The general requirement is as follows: RAKwireless must not keep personal data for longer than RAKwireless needs it.

  6. Integrity and confidentiality of data

    This GDPR principle requires that appropriate security measures are in place to prevent data from being accidentally or intentionally compromised. Integrity and confidentiality of data are closely related to information security, including cybersecurity, and physical and administrative security measures.

  7. Accountability

    Under this principle, RAKwireless, as a data controller, takes the responsibility for its processing activities and compliance with the applicable data protection requirements.

What have we done to comply with the GDPR?

  1. We implement appropriate technical and organizational measures to ensure and to be able to demonstrate GDPR compliance.

  2. We comply with data protection by design and by default requirements.

  3. We implement appropriate data protection policies.

  4. We uphold data subjects' rights:

    1. the right to be informed;
    2. the right of access;
    3. the right to rectification;
    4. the right to erasure;
    5. the right to restrict processing;
    6. the right to data portability;
    7. the right to object;
    8. rights in relation to automated decision-making, including profiling;
    9. the right to lodge a complaint with a supervisory authority.

  5. We engage data processors (DPO) in accordance with the GDPR.

    The Privacy Notices of RAKwireless indicate that, to exercise data subjects’ rights, users should directly contact the DPO at the dedicated email address dpo@rakwireless.com. Therefore, most requests should be sent directly to the DPO, who will process them further.

  6. We cooperate with a data protection supervisory authority upon request, and we notify a data protection supervisory authority and/or data subjects of a personal data breach.

  7. We conduct data protection impact assessments (DPIA).

  8. We transfer personal data to third parties only in compliance with the GDPR, etc.

    RAKwireless obtained ISO27001 certification in 2022, signifying our commitment to ensuring information security.