Data protection is a very important issue for us at Papershift. That is why we have already familiarized ourselves with the General Data ProtectionRegulation (GDPR) and have defined compliance (data protection objectives).
The most important points of the data protection objectives
Legality:
Personal data are only collected and processed legally.
Earmarking:
The processing of personal data shall only be done for purposes that were established prior to the collection of the data.
Data minimization:
Before personal data are processed, the scope and extent to which the data processing is required is checked. If the data are processed, we use anonymized or statistical data. Data retention does not take place.
Correctness and currency:
Personal data are always up to date and stored by us correctly, completely, and to the extent deemed necessary. We do this by taking various measures to ensure that non-applicable, incomplete, or outdated data are deleted, corrected, supplemented, or updated.
Erasure and retention restriction:
We will erase personal data that are no longer required after expiry of statutory or business process-related retention periods.
Confidentiality and data security:
When it comes to your personal data, it is of utmost importance to us that data confidentiality is respected at all times. Personal dealings will always be treated confidentially. This applies to organizational and technical measures, in which your data are safeguarded against unauthorized access, unlawful processing, or disclosure, as well as accidental loss, modification, or destruction.
Transparency:
We will always inform you about how your data are handled. That means that we inform you about the following as soon as your data are collected:
the identity of the responsible authority
the purpose of the data processing
the stored retention periods
thirds parties, or categories of third parties, to whom the data may be disclosed, if required.
We have provided a public procedure log especially for this, which documents all processes that are related to personal data: go to the procedure log.
Data portability:
Data portability for personal data applies. In other words, you can export your data in a machine-readable format at any time, to import it elsewhere. For this purpose, we provide you with numerous standardized exports with which this is possible.
Compliance:
All management and employees are committed to attaining these data protection objectives and upholding the General Data Protection Regulation, as well as supporting the data protection strategy to the best of our ability.
To ensure data protection, we implement technical and organizational measures, transparency, risk management, employee training, and other processes still being established.