General Data Protection Regulation
Safety Line solutions manage information (email addresses…) which is called “personal data” in the General Data Protection Regulation (GDPR) in force since 25th May 2018.
Therefore, if you are one of our customers, you are subject to the provisions of GDPR for:
- Your relation with us, because we act as a subcontractor (article 28 of GDPR)
- Your relation with your employees, because you are in charge of personal data management through our solutions
Furthermore, we manage personal data to communicate by email with our solutions administrators and prospects. For this reason, we are controller.
2. Definition of main concepts
The GDPR is a dense and complex document in which the prescriptions leave sometimes room for interpretation or seem to be abstract. However, it is important to know 4 definitions to better understand it.
1) Personal data: Any information relating to an identified or identifiable natural person (…). The term “personal data” is frequently used.
In our software solutions an email or in some cases an event notification are considered to be personal data.
2) Special categories of personal data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, party or trade union membership, sexual orientation or genetic and biometric data are considered sensitive data by the GDPR and the processing is prohibited, with some exceptions, notably relating to the processing with the explicit consent of the persons concerned.
By default, the data is not processed by Safety Line.
3) Controller: Each person or legal entity that determines the purpose and means of collecting personal data. The controller is in charge of the respect of the GDPR inside the organization, notably the respect of the collaborators rights (access right, right to erase, etc.).
All our customers are controllers.
4) Subcontractors: Each person or legal entity processing personal data on behalf of the controller. Safety Line has a subcontractor status with all customers.
3. Safety Line commitments as a subcontractor
If you are a Safety Line customer, then we are your subcontractor. Accordingly, we hereby commit ourselves to respect the obligations, as defined in Article 28 of the GDPR.
We make the following commitments:
- Only process collaborators personal data for the delivery and performance of online Safety Line services which have been subscribed. We will never sell or use your collaborator’s data for marketing purposes.
- Access to personal data is restricted to Safety Line employees duly authorised to assist you and providing support.
- Generate awareness among our collaborators regarding personal data confidentiality and if appropriated form them for the applicable data protection legislation.
- Not to transfer your data outside of the EU.
- Inform you about any change of subcontractor used to stock or process your personal data and make sure that all subcontractors are compliant / in line with it.
- Guarantee a high level of data safety and protection
- Inform you within 24 hours in cases of data breach.
4. Your obligations as data controller
You manage your collaborators’ personal data through our solutions.
Accordingly, your collaborators do have rights over this data. It is your responsibility to permit them to exercise their rights. Safety Line solutions help you to fulfil this obligation.
1) Right of access (article 15 of GDPR): The data subject shall have the right to obtain from the controller the access to those data.
Depending on the solutions set up, collaborators have access to their information (or can request an access). Only you as a controller must or not give your collaborators this opportunity.
2) Right of rectification (article 16 of GDPR): The data subject shall have the right to obtain from the controller the rectification without delay of inaccurate or incomplete personal data.
SafetyCube allows collaborators to modify all or part of their personal data themselves.
3) Right of oblivion (article 17 of GDPR): The data subject shall have the right to obtain from the controller without delay of the erasure of his data.
SafetyCube allows erasing data.
5. Safety Line commitments as a data controller
We may collect your personally identifiable information (“Personal Information”) for customer, supplier and prospect management and for contract enforcement with our customers.
In particular, we use users personal data (name, professional email address, role) to communicate with them and provide them with functional and technical assistance and information about news and latest developments of our solutions.
It is possible for the administrators to desativate the reception of this information but in that case, it is possible that they do not receive the messages informing them about our solutions’ functionalities.
- Be limited to collecting only essential data
- Not use the data collected for other purposes than those intended
- Give the administrators of our solutions the right of access, of rectification or oblivion regarding their personal data.
- We employ sophisticated technical and organisational security measures to protect this data