So we ask u.a. in several places, whether the data may be processed and also indicate the purpose.
We also meet all the GDPR requirements:
We even hired a GDPR consultant that will accompany any question you might have:
No, every customer has his own data storage. This allows us to ensure that data is not mixed. We generally use data in anonymous form for benchmarking. For this purpose, however, all personal data are rendered unrecognizable and the source encrypted. This is needed for internal optimization.
No, the data can’t be accessed by any of our team members or anyone else as we have defined that only a user can access the company data (In accordance with “Sectioning off sensitive data so that only approved personnel can access it.”).
The GDPR is the most comprehensive reorganization of data protection in Europe. As of May 25 2018, new laws will apply that strengthen the protection of personal data and, accordingly, protect the user / customer / subscriber from data leaks.
A certain commitment will of course remain. Nevertheless, certain measures must be taken to make it easier to cope with the legislative and information terrain.
The DS-BER contains important principles to improve the handling of data.
Comes from the data protection basic right (Art. 8 fundamental right Charter or Art.8 EMRK) and designates a superior principle. By “proportionality in the narrower sense”, which refers to the balancing of interests or goods
The use of personal data is prohibited unless expressly permitted.
Data may only be collected for specified, clear and legitimate purposes and not reused in a manner incompatible with those purposes.
Data may only be used to the extent that it meets the purposes for which it was collected and / or which are necessary for the purposes for which it was determined.
Data may only be kept in personal form for as long as it is necessary for the purposes for which it was identified.
Reduction of processing of personal data to the minimum.
Privacy by Design “Privacy through technology design” and takes up the idea that privacy can best be maintained if it is already technically integrated in the development of a data processing operation
Principle of good faith and legality
Privacy by default translates as “Privacy by privacy-friendly preferences” and means that the factory settings are designed to be privacy-friendly.
Information of the person concerned about the existence of a processing and its circumstances
Rights to information, rectification and cancellation as well as opposition
Data may only be used in such a way that they are factually correct and, if necessary, kept up-to-date with regard to the intended purpose.
There are important points to keep in terms of data security: access control, access control, access control, transfer control, input control, order control, availability control, separate processing
The DS-GVO regulates the entire handling of data by natural persons (affected persons). This applies not only to digital channels but also to offline channels e.g. Loyalty cards, point of sale, etc. or employee privacy. Even in these areas, very sensitive data is processed and companies are therefore even more committed to protecting their data.
Every person concerned also has certain rights with the DS-GVO. This should i.a. help to get more overview of submitted data. The following rights apply to an affected person:
In our view, this is not a MUST but a WILL. We as Indelve see this as absolutely necessary. Basically, the DS-GVO is “active”, where a service is provided. With that you have managed to keep the big international company to the DS-GVO. Example: If I use Facebook within the EU, Facebook must also comply with the DS-GVO.
What would happen if we did not comply with the DS-GVO?
The DS-GVO provides for high fines, companies should not comply with the law. Of course, proof must first be provided. This is exactly where something changes with the new regulation. In the future, companies have to prove that they act in conformity. Of course, this is only possible if the companies have sufficiently documented this.
We as indelve are committed to the observance of data protection measures and will continue to do so to the best of our knowledge and belief.
The definition of the Data Protection Officer is cited as follows:
Based on this information, we would like to note the following cornerstone to the Data Protection Officer.
Responsible or processor
The role of companies and their activities will be crucial in the future. For the persons concerned this is the clue to whom one can turn in the suspicion of an offense.
Following the two definitions.
‘Controller’ means the natural or legal person, public authority, body or body that alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the person responsible or the specific criteria for its designation may be provided for under Union or national law ‘.
‘Processor’ means a natural or legal person, public authority, body or body that processes personal data on behalf of the controller;
The two parties should have upright contractual relationships with each other, so that you as a person affected can turn to both if necessary.
Simply put, the owner is the owner of their data
You should now be able to better understand where your data is collected and where it is used. For some services, the person in charge of you will need an active consent, which you can subsequently withdraw.
Nonetheless, continue to pay attention to information provided to you through services.