The General Data Protection Regulation (GDPR) is the legal framework for processing personal data in Europe, effective from May 25, 2018. The GDPR applies directly across the European Union and does not require national transposition. It promotes the harmonization of legal regimes regarding data protection in Europe and includes a principle of extraterritoriality, allowing its scope to extend beyond European borders. If you are an organization processing personal data, it is highly likely that you are subject to the GDPR. The same applies to Humans Matter, which, depending on its role, will comply with distinct obligations as either a data processor or data controller.
To facilitate understanding, it is important to define a few key terms:
– Personal data: any information relating to an identified or identifiable natural person, directly or indirectly.
– Processing: any operation performed, whether or not using automated methods, on personal data (collection, recording, storage, retention, extraction, transmission, consultation, use, interconnection, etc.).
– Data controller: the natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of processing.
– Data processor: the natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller.
– Process personal data solely for the purposes of properly executing the processing entrusted to it by the data controller.
– Select its subcontractors by ensuring that they themselves commit to comply with the GDPR, and inform you in case subcontractors are used who may process your personal data.
– Implement high security standards for your data.
– Notify you as soon as possible in the event of a data breach.
– “Privacy by design”: design solutions taking into account data security and confidentiality from the outset.
These commitments are concretely reflected in the Humans Matter product Terms of Service. We have data processing contract templates for situations where specific conditions are required.
Humans Matter is considered a “data controller” when it determines the purposes and means of processing personal data.
– Obtain the informed consent of the user providing their data: Consent in the context of a commercial relationship, Consent for a service trial, Consent in the context of a contractual relationship, Direct consent.
– Retain personal data for a limited and proportionate period.
– Implement appropriate technical and organizational measures to ensure a high level of security.
– Limit data collection to only what is strictly necessary.
– Do not use collected data for purposes other than those for which it was collected.
– Guarantee GDPR rights to users upon request: deletion, non-profiling, portability, rectification.
Humans Matter drives continuous improvement actions on security and privacy with a risk-based approach and the support of a quality management system certified ISO 13485. A dedicated working group has mapped data processing activities, involving Humans Matter, which serves as a basis for monitoring actions on the subject.
Our Data Protection Officer, Roland Hildebrandt, will answer any additional questions you may have on this subject : dpo@humansmatter.co
