Starting May 25, 2018, all companies and organisations that store and process personal data of European citizens must meet the standards of the General Data Protection Regulation (GDPR).
Although Software Information has always made an effort to safeguard privacy, we have worked hard these past months to meet the standards of the new regulation.
In this newsletter, you will find more information on how Software Information will handle this regulation. Should any questions or comments remain, please contact us at dpo@softwareinformation.co.uk or +31 (0)299 200310.
Use of personal data
We would first like to clarify what is meant with ‘personal data’. This is data that can be connected to an individual or that can be used to identify an individual. Think of such things as your name, telephone number, e-mail address etc. General company data does not fall in this category. An exception to this rule are data on freelancers, which are seen as individuals.
Collection and processing of personsal data and data minimization
As part of data minimization, Software Information will exclusively collect, store and process personal data that is strictly necessary for performing our service. Software Information only collects personal data that is publicly available or that is provided to us by those stakeholders themselves.
Informing stakeholders about our personal data policy
Software Information strives to inform all stakeholders as clearly and completely as possible on how we handle personal data. For example, the submission forms on our website will always clearly state why we collect the data and how we will use it.
Our websites will include a link that refers to information on the GDPR and the way in which Software Information deals with this. For the sake of completeness, new terms and conditions will be published on all websites and we will clearly state that cookies of partners are used on the website.
Sharing personal data with third parties
Software Information never shares data with third parties without explicit permission of the stakeholders. This guarantees that parties who we help in their search for the right software have given their explicit permission to share their data with suppliers.
In addition, upon qualification, they receive an e-mail describing exactly how the process goes and how their data will be used. In this e-mail, we clearly repeat that they have given permission for sharing their data with third parties. Should any objection to sharing this data arise, the e-mail will also explain how this objection can be submitted.
Appointment data protection officer
For the handling of questions, requests and complaints regarding privacy, Software Information has appointed a Data Protection Officer (DPO). This DPO endeavours to react as quickly, clearly and complete as possible to privacy-related questions and requests. If you have any questions, you can contact the DPO at the e-mail address dpo@softwareinformation.co.uk or at +31 (0)299 200310.
Access to personal data
The internal processes of Software Information have been designed in such a way that employees are only given access to personal data on a need-to-know basis. This means that personal data is only available to employees if this data is necessary for performing their activities.
Services and suppliers
Software Information has made sure that all suppliers/services that Software Information uses have a policy that meets the regulation of the GDPR.
Right to access, correction, deletion and data portability
The stakeholders of Software Information have the right to access their personal data. They have access to information on the method in which Software Information processes this data. Software Information endeavours to give a clear overview of the processed data on demand. Stakeholders can receive a copy of the data available to us. On demand, stakeholders can be informed on the processing of their data. This may include the purpose of the processing, with whom the data is shared or how the data was obtained.
Stakeholders are entitled to request Software Information to remove or correct the personal data of him/her. Personal data is standard updated within 18 months and is otherwise deleted.
Stakeholders must be able to transfer their personal data to other parties. This also applies to depersonalised data that can still be traced back to an individual. On demand, Software Information provides this data in a structured and commonly used electronic open standard.