Infinity Mobile sets data as a key priority, including the privacy of customers data, the security of its customers data, and its confidentiality. Our business customers value our continuous investment and efforts in setting the standard for data protection. Infinity Mobile, as a company in the heart of Europe, is compliant with the EU General Data Protection Regulation (GDPR) and related guidelines.
Main take-aways from GDPR?
  1. The requirement to receive a data subject's consent to collect and process their personal data. The data that is collected and processed also must be "explained", meaning: why do you as a business need a certain type of personal data?
  2. Personal data is basically put in two categories, basic personal data (like name, address, email address, ...) and sensitive data ("special category data") which includes data like religion, health, sexual orientation etc.
  3. Penalties that make large businesses become really aware of data. While in past privacy of data was of a lesser concern with a number of global operating companies, the EU is putting efforts in changing this behaviour. And what's best to change behaviour by incentivizing proper behaviour. However, if you violate rules then the fine can go up to 4% of a company's global revenue.
  4. Concept of Data Controller, Joint Controller, Data Processor. Typically in a B2C context (the segment Infinity Mobile is serving) the business customer of Infinity Mobile is a Data Controller. The Data Controller has the direct relationship with the data subjects. The Data Controller must tell the Data Processor how long data must be stored, the Data Controller must make sure it has a lawful basis to collect the data, ... Infinity Mobile always acts as a Data Processor and a Data Processing Agreement is signed to describe the relationship between DC and DP.
What is the scope of GDPR?
GDPR applies to companies which operate in the EU but isn't limited in scope to such companies. GDPR actually applies to any company handling personal data of EU data subjects, regardless of the location of such company.

The GDPR regulations apply essentially worldwide: any website/app/... which stores information obtained from a EU visitor. When you collect and process information of EU data subjects, you are subject to compliance with the provisions of GDPR.

What does GDPR mean in working with Infinity Mobile?
1. You will be in contact with our Data Processing Officer (DPO).

2. We will sign a Data Processing Agreement (DPA) to align on roles & responsibilities in the context of the GDPR.

3. Our platform supports all functionality to be in line with GDPR, including the appropriate technical and organisational measures. Individual rights as the right to access data, rectify data, erasure data, port data are fully supported.

4. All data is stored in EU datacenters.

5. We assist our business customers actively in the practice of GDPR. This includes reviewing customer journeys for consent/explicit consent, questioning if certain data is really required, and processing the data in a secure and reliable manner.

6. We have a documented approach to handle data breaches. While we haven't had any data breaches up to now, we believe 'better safe than sorry' is the right tactic here.
For people who like to read a lot: link to the GDPR official EU text.

Read also our privacy policy page.