|Company:||Umates A/S, Tune Parkvej 5, 4030 Tune|
|GDPR||means the general EU regulation on data protection.|
|Responsible person:||Kim T. Rasmussen|
1. Data protection principles
Umates A / S is obliged to process data in accordance with its responsibility in accordance with the law in connection with GDPR.
Article 5 of the GDPR requires that personal data:
- lawfully, fairly and in a transparent manner in relation to individuals
- Collected for explicitly stated and legitimate purposes and not processed in a way that is incompatible with purposes which are not in the interest of individuals and are not incompatible with the original purposes
- sufficient, relevant and limited to what is necessary in relation to the purposes for which they are treated and used
- accurate and, where necessary, up-to-date, all reasonable measures must be taken to ensure that personal data which are incorrect in relation to the purposes for which they are processed is immediately deleted or corrected;
- stored so that it is not possible to identify the data subjects for longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for extended periods to the extent that personal data will be processed only for archival purposes and statistical purposes covered by the implementation of the relevant technical and organizational measures required by the GDPR to protect the rights and freedoms of individuals; and
- processed in such a way as to ensure adequate security for the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by appropriate technical or organizational measures.
2. General provisions
- This policy applies to all personal information processed by Umates A/S.
- The responsible person at Umates takes responsibility for ongoing compliance with this policy.
- This policy must be reviewed at least once a year.
3. Legal, fair and transparent treatment
- In order to ensure that the data processing is legal, fair and transparent, the company maintains a register of systems used.
- The system registry is reviewed at least once a year.
- Individuals have the right to access their personal data and all such requests are processed in a timely manner.
4. Legal purpose
- All data processed by the company must be made on one of the following legal basis; consent, contract, legal obligation, vital interests, and / or legitimate interests (see the EU reform for further information).
- The company must record the relevant legal basis in the register of systems.
- If consent is claimed as a legitimate basis for data processing, there must be evidence of opt-in consent to the personal data.
- If communication is sent to people on the basis of their consent, the ability of the individual to revoke their consent should be clearly available and there are systems that ensure that recall is accurately reflected in the systems.
5. Data minimization
- The Company shall ensure that personal data is sufficient, relevant and limited to what is necessary for the purposes for which it is processed.
- Users have access to their data online and can update and delete information.
- The company takes the necessary measures to ensure that personal data is correct.
- Where necessary for the legal basis of the processing of the information, it shall ensure that the personal data is kept up to date.
7. Filing / removal
- To ensure that personal data is not stored for longer than necessary, Umates A / S must introduce an archiving policy for areas where personal data is processed and review the process annually.
- The archiving policy must contain which data must / must be preserved, how long and why.
- The company must ensure that personal data is stored securely using modern, up-to-date software.
- Access to personal data is limited to those who need access, and appropriate security should be introduced to avoid unauthorized exchange of information.
- When deleting personal data, this should be done safely so that the information cannot be recovered.
- There must be appropriate backups and solutions for recovery after breakdown.
In the event of a breach of security leading to accidental or illegal destruction, loss, modification, unauthorized disclosure or access to personal data, Umates A / S shall immediately assess the risk of persons’ rights and freedoms and, if appropriate, report such breach to Personal Data Regulation (Additional information on the EU reform) within 48 hours.