What is the GDPR and why is it important for Admincontrol?
The General Data Protection Regulation (GDPR) is the new data privacy regulation for all EU and EEA member states. It unifies existing rules and regulations for Data Protection and Privacy to better protect EU/EEA citizens' personal data within and outside the EU. As such, it applies to everyone who stores, processes or collects personal data about EU/EEA citizens.
In Admincontrol we have taken all necessary measures to ensure that, both when we are responsible for the collection of personal data (Data Controller) and when we process personal data on behalf of our customers (Data Processor), this is performed in line with the requirements of the GDPR.
Main objectives of the GDPR
The GDPR lays out specific requirements for businesses and organisations to fulfil the following main objectives:
- Privacy
The right to be let alone, or freedom from interference or unauthorised intrusion and being able to keep certain personal matters to oneself. Within the GDPR, this relates to the right to have control over how your personal information is collected and used.
- Data Protection
Data protection is the process of safeguarding important information from corruption, compromise or loss. This is where the GDPR sets clear requirements that the security of personal data is in place. A security certification scheme such as ISO 27001 or a third-party assurance report such as SOC 2 is proof that sufficient security, and thereby the protection of data, is in place.
What is Admincontrol doing?
In Admincontrol the protection of our clients' and users' data is essential. We take security very seriously; we are certified against ISO 27001 and have SOC 2 Type II certification.
In addition to security, we are committed to ensuring that privacy is upheld in all the different types of data processing we perform, by following the six Privacy Principles of the GDPR.
Privacy Principles
1. Lawfulness, Fairness and Transparency
- Lawfulness
We commit in our contracts to comply with the GDPR in relation to our processing of our customers' data in all the services we provide.
- Fairness
Admincontrol only processes personal data according to the contract with our customers to provide the services as agreed. We do not process the data in a way that is not relevant to the individuals whose data we are processing.
- Transparency
We are open about how we use personal data; this is outlined in our Privacy Statement for everyone to see. Our clients are also entitled to review our audit reports and any supporting documentation that is needed to ensure that we are acting according to what we are saying.
2. Purpose limitation
Admincontrol processes our clients' data according to the contract with our customers, according to the GDPR's requirements and principles, and in accordance with our Privacy Statement. The personal data is therefore not used for any purpose other than the one for which it was provided to Admincontrol in the first place.
3. Data Minimization
As part of providing the services to our clients we do not ask for additional data unless this is strictly required to ensure proper authentication of the individuals. We only collect data that is strictly needed to provide the services for our clients.
4. Accuracy of Data
Our clients are responsible for the accuracy of the data they upload to the service. They will at all times have the possibility to correct the data.
5. Storage limitation
Admincontrol only stores our clients' data for the period they are using our services and according to any archive or retention requirements as specified by our customers in the contract. When a client terminates their contract, their data is returned and deleted from our system unless special requirements for long-term preservation apply according to the contract or as required by law.
6. Integrity and Confidentiality
All data uploaded to our service is protected with cryptographic technologies to ensure file integrity and confidentiality of data, in addition to strong authentication schemes such as 2-Factor Authentication. For more details, see our description of security measures on the Information Security page.
Data Protection Officer
To ensure proper Privacy and Data Protection is in place, Admincontrol has appointed an internal Data Protection Officer who monitors Admincontrol's compliance with the GDPR, provides advice in privacy-related matters and acts as a point of contact for our Clients and the Data Protection Authorities.
Information on our Processing
For more detailed information on how we process your personal data, what kind of tracking technologies are used, what kind of logs we keep and for how long data is processed, see our Privacy Statement.