Handling of personal data
On 25 May 2018, the new EU data protection regulation, GDPR (General Data Protection Regulation), takes effect. This is a new EU regulation aimed at strengthening the protection of individuals in the processing of personal data. When it takes effect, it replaces the 1995 Data Protection Directive, as well as all member states' current national regulations. In Sweden's case, this is PUL, the Personal Data Act.
GDPR also places new demands on all companies, authorities and organizations that collect and manage personal data. Put simply, GDPR makes the data protection rules more concrete and clarifies who is responsible for data being handled and stored. It is important that you, who store or otherwise process personal data, understand at least the basics of GDPR.
Here you can find information about GDPR and what it means:
• The Swedish Data Protection Authority
• Official GDPR
Binero’s role as “controller”
Binero acts as a personal data controller (controller) for you as our customer, and for the information you provide when registering for our services. This means that we take on the responsibilities that GDPR places on personal data controllers regarding the processing of your personal data. On the “Data Protection Policy” page you will find all the information that concerns you as a person registered with us. Our customers may, in turn, be personally responsible for information they collect and store in our services, and our role is then that of a personal data processor to our customers.
Binero’s role as “processor”
For those who store personal information in our services, we act as a personal data processor (processor). This is primarily something for you as a customer to keep track of, and as personal data controller you need to make sure you have a data processing agreement. We have, together with our legal partners, put together a data protection agreement (DPA) that applies to all our customers. This, together with Appendix 1 (“Personal Data Handling”), our Terms and Conditions, and our Data Protection Policy, is the information that you should look at when considering us as a processor.
Unfortunately, we are not able to make adjustments to the agreement we offer, nor to sign it physically for customers of our web hosting or cloud services. Instead, we offer the digital standard agreement found in the documents section below. Those who buy consultancy or hosting services (or similar) through our sales team or account management may be able to get a physically signed copy; for this, please get in touch with your sales contact.
What to consider when processing personal data in Binero’s services
First of all, it’s important to fully understand what actually classifies as personal data. If you know that you process personal data in one way or another, there is much to think about.
Some tips we can provide regarding personal data processing related to our services are:
• Do not process personal information you do not need (regardless of consent) and, if possible, refrain entirely from processing extra sensitive data.
• Make sure that you collect and process information on a legal basis.
• Make sure you keep track of your responsibilities as personal data controller.
• Use encrypted protocols for e.g. your web, mail and file transfers.
• Keep your applications where data is processed secure, constantly updated and limit the access to data as much as possible.
Important documents and information for our customers
We have gathered these important documents and pages of information that apply to you as a customer of Binero from 2018-05-25 (until then, the Swedish “PUL” still applies).
• General Terms and Conditions
• Data protection policy
• Data processing agreement
• Personal Data Handling (Appendix 1 to the Data processing agreement)
We work together with our law firm continuously to have good and clear terms and conditions, and have also built up good practices and systems for data protection and GDPR with the help of a supplier that works exclusively with this.
Aware and educated staff members
We have completed a training session and an internal GDPR certification for all our employees in all departments, and do this on a regular basis once a year. We also have good supplier and system support to keep us updated, and we work actively to follow the directives and try to facilitate this for our customers as well.
We are certified in accordance with both the quality standard ISO 9001 and the information security standard ISO 27001, and have met the rigorous requirements for routines, processes and different systems contained in these.
Other important information about how we work with GDPR, both as processor and controller, can be found in our Data Protection Policy and our attachment to the Data Processing Agreement, which describes how we treat personal data as a processor. We understand that many people have questions and concerns about GDPR, but unfortunately we do not have the opportunity to answer questions and concerns about how to work with this outside the scope of our own services and customers, or beyond the information we have published here. For other questions, please refer to https://www.datainspektionen.se/in-english/ which has very good information and guides for working with GDPR.