The European regulation GDPR 2016/679 is the protection of natural persons with regard to the processing of personal data and the free movement of personal data.
This regulation is an essential step to strengthen the fundamental rights of individuals in the digital age and facilitate business by clarifying the rules for companies and public bodies in the digital single market. A single law will also eliminate the current fragmentation between different national systems and unnecessary administrative burdens.
a. Accurate and, where necessary, kept up to date; all reasonable steps should be taken to ensure that personal data which are inaccurate, in relation to the purposes for which they are processed, are erased or rectified without delay;
b. Retained in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be retained for longer periods insofar as the personal data are processed solely for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, provided that appropriate technical and organizational measures required by the GDPR are implemented to safeguard the rights and freedoms of individuals; and
c. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures."
a. This policy applies to all personal data processed by BetterKnowledge4all.
b. The responsible person will be responsible for BetterKnowledge4all's ongoing compliance with this policy.
c. This policy will be reviewed at least annually.
d. BetterKnowledge4all will register with the Information Commissioner's Office as an organization that processes personal data.
Legal, fair and transparent treatment
a. To ensure that data processing is lawful, fair and transparent, BetterKnowledge4all will maintain a system log.
b. The System Log will be reviewed at least annually.
c. Individuals have the right to access their personal data and any such request made to BetterKnowledge4all will be dealt with in a timely manner.
a. All data processed by BetterKnowledge4all must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public function or legitimate interests (for more information, please refer to the ICO guidance).
b. BetterKnowledge4all will note the appropriate legal basis in the System Registry.
c. Where consent is invoked as a lawful basis for processing data, proof of consent will be retained with the personal data.
d. Where communications are sent to individuals on the basis of their consent, the option for the individual to revoke their consent will be clearly available and systems will be in place to ensure that such revocation is accurately reflected in BetterKnowledge4all's systems.
a. BetterKnowledge4all will ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
a. BetterKnowledge4all will take reasonable steps to ensure that personal data is accurate.
b. Where necessary for the lawful basis on which the data is processed, steps will be taken to ensure that personal data is kept up to date
Archiving / disposal
a. To ensure that personal data is retained for as long as necessary, BetterKnowledge4all will establish an archiving policy for each area in which personal data is processed and will review this process annually.
b. The archiving policy will consider what data should/should not be retained, for how long and why.
a. BetterKnowledge4all will ensure that personal data is stored securely using modern, up-to-date software.
b. Access to personal data will be limited to personnel who need access and appropriate security will be in place to prevent unauthorized sharing of information.
c. When personal data is deleted, it will be done in a secure manner so that the data is irretrievable.
d. Appropriate backup and disaster recovery solutions shall be in place.
In the event of a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, BetterKnowledge4all will promptly assess the risk to the rights and freedoms of individuals and, if appropriate, report this breach to the ICO (more information on the ICO website).
END OF POLICY
Harju maakond, Tallinn, Lasnamäe linnaosa, Lõõtsa tn 5, 11415