The General Data Protection Regulation (GDPR) is the legal framework for the processing of personal data in Europe, as of May 25, 2018. The GDPR is directly applicable in the Union and does not require national transpositions. It will promote the harmonization of data protection legal regimes in Europe and has a principle of extraterritoriality that allows its scope of application to be extended beyond European borders.
If you are an organization processing personal data, there's a good chance you'll be subject to the provisions of the GDPR. The same applies to Humans Matter, which, depending on its situation, complies with distinct obligations in its capacity as processor or as data controller.
Definitions
To facilitate understanding, it is important to define a few key terms:
- Personal data: any information relating to an identified or identifiable natural person, directly or indirectly.
- Processing: any operation performed on personal data, whether or not by automated means (collection, recording, storage, keeping, retrieval, transmission, consultation, use, interconnection, etc.).
- Data controller: the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of processing.
- Processor: the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller.
Humans Matter’s commitments as a processor
- Process personal data solely for the purposes of carrying out the processing entrusted to it by the controller.
- Choose its subcontractors by ensuring that they themselves undertake to comply with the GDPR, and inform you in the event of recourse to subcontractors who could process your personal data.
- Implement high security standards for your data.
- Notify you as soon as possible in the event of a data breach.
- “Privacy by design”: design your solutions with data security and confidentiality in mind, right from the start.
These commitments are set out in Humans Matter’s General Terms of Service. We have contract templates for data processing when specific conditions are required.
Humans Matter’s commitments as data controller
Humans Matter qualifies as a “data controller” when it determines the purposes and means of processing personal data.
- Obtain the informed consent of the user who entrusts us with his/her data: Consent in the context of a commercial relationship, Consent for the trial of a service, Consent in the context of a contractual relationship, Direct consent.
- Retain personal data for a limited and proportionate period.
- Implement appropriate technical and organizational measures to guarantee a high level of security.
- Limit data collection to that which is strictly necessary.
- Not use collected data for purposes other than those for which it was collected.
- Guarantee the rights required by the GDPR to users if they so request: deletion, non-profiling, portability, rectification.
Humans Matter steers its continuous improvement actions on security and confidentiality with a risk-based approach and the support of a quality management system that is ISO 13485 certified on the scope of our subsidiary HAPPYneuron. A dedicated working group has produced a data processing map, in which Humans Matter is involved, and which serves as a basis for monitoring actions on the subject.
Contact
Our Data Protection Officer, Roland Hildebrandt, will answer any further questions you may have on the subject.
dpo@humansmatter.co