Data protection regulations of DEDECKER PRECISION MECHANICS SA
Date 25/05/2018 Version 2.0
The purpose of this document is to provide a concise statement of the rules concerning the data protection obligations of DEDECKER PRECISION MECHANICS. This includes obligations in the processing of personal data to ensure that the company complies with the requirements of the relevant legislation, namely the GDPR. https://www.eugdpr.org/ Rationale DEDECKER PRECISION MECHANICS must comply with the Data Protection principles set out in the relevant legislation. These Rules apply to all Personal Data collected, processed and stored by DEDECKER PRECISION MECHANICS concerning its service providers, customers and staff in the course of its business. Scope of application The rules concern both personal data and sensitive personal information of the persons concerned. The rules apply equally to manually held personal data and to data held in automated form. DEDECKER PRECISION MECHANICS will treat both personal data and sensitive personal information with equal care. Both categories are hereinafter referred to as "Personal Data" in these Rules unless otherwise stated. The Data Retention and Disposal Policy, the Data Retention Period List and the Data Loss Notification Procedure. DEDECKER PRECISION MECHANICS as Data Controller In the course of its daily activities, DEDECKER PRECISION MECHANICS obtains, processes and stores personal data concerning: - Its staff - Its customers - Third party suppliers of raw materials and services who collaborate with it. In accordance with the GDPR, this data must be obtained and managed fairly. It is impossible to require all staff members to be experts in Data Protection legislation. However, DEDECKER PRECISION MECHANICS is committed to ensuring that its staff have sufficient knowledge of the legislation to be able to anticipate and identify Data Protection issues, if any. In such circumstances, staff must inform the Data Protection Officer to ensure appropriate remedial action is taken. These Rules provide guidelines governing the procedure to be followed if a member of DEDECKER PRECISION MECHANICS' staff is unaware that data may be disclosed. In general, the staff member should consult the person responsible for data protection for clarification. Data Subject Access Requests Any formal written request from a Data Subject requesting a copy of their personal data (Data Subject Access Request) will be forwarded, as soon as possible, to the Data Protection Officer and will be dealt with as soon as possible in accordance with the GDPR. In complying with these guidelines, DEDECKER PRECISION MECHANICS will adhere to good practice regarding applicable Data Protection legislation. Data Protection Principles The following key principles are enshrined in the GDPR and are fundamental to the Data Protection Regulations of DEDECKER PRECISION MECHANICS. DEDECKER PRECISION MECHANICS, in its capacity as Data Controller, ensures that all data :
...will be obtained and processed fairly and lawfully. In order to ensure that data are obtained fairly, at the time of collection the data subject shall be informed of - The identity of the data controller. - The purposes for which the data are collected - The persons to whom the data may be disclosed by the Data Controller - Any other information necessary for the processing to be fair. DEDECKER PRECISION MECHANICS will fulfil this obligation as follows: - Wherever possible, the informed consent of the Data Subject will be sought prior to the processing of his/her data. - If this is not possible, DEDECKER PRECISION MECHANICS will verify that the collection of the data is justified according to one of the other lawful conditions for processing, i.e. legal obligation, contractual necessity, etc. - The processing of personal data shall only be carried out within the scope of the lawful activities of DEDECKER PRECISION MECHANICS, which shall protect the rights and freedoms of the Data Subject.
...will be collected for specified and legitimate purposes. DEDECKER PRECISION MECHANICS will obtain data for specified, lawful and clearly stated purposes. A Data Subject shall have the right to question the purposes for which DEDECKER PRECISION MECHANICS holds his or her data and shall be able to state them clearly.
...will not be further processed in a way incompatible with the purposes determined. Any use of the data by DEDECKER PRECISION MECHANICS shall be compatible with the purpose for which it was obtained.
...shall be processed in such a way as to guarantee their security. DEDECKER PRECISION MECHANICS will employ high standards of security to protect the personal data entrusted to it. Appropriate security measures will be taken to protect all personal data held by DEDECKER PRECISION MECHANICS in its capacity as Data Controller against unauthorised access or against alteration, destruction or disclosure. 3 Only duly authorised personnel will be able to access and manage personnel and customer files.
...will be accurate, complete and, where necessary, kept up to date. DEDECKER PRECISION MECHANICS : - verify that administrative and computer validation processes are implemented to regularly assess the accuracy of the data; - conduct regular reviews and audits to ensure that the relevant data is accurate and kept up-to-date. - conduct regular reviews to determine whether it is appropriate to retain certain Personal Data.
...will be adequate, relevant and limited to what is necessary for the purposes for which it is collected and processed. DEDECKER PRECISION MECHANICS will verify that the data it processes in relation to Data Subjects is relevant to the purposes for which it was collected. Data which is not relevant will not be acquired or stored.
...shall not be kept for a period exceeding that necessary to fulfil the specified purposes. Once the retention period has expired, DEDECKER PRECISION MECHANICS undertakes to destroy, delete or otherwise render the data unusable. Data This includes both automated and manual data. Automated data means data stored on a computer or stored with the intention of processing it in a computer. Manual data means data processed as part of an appropriate file or stored with the intention of adding it to an appropriate file. Personal data Information relating to a natural person who can be identified either directly from that data or indirectly in connection with other data that can be legitimately obtained by the data controller. (In case of doubt, DEDECKER PRECISION MECHANICS refers to the definition of the Article 29 Working Party and updated as necessary). Sensitive Personal Information A special category of Personal Data relating to: racial or ethnic origin, political opinions, religious, ideological or philosophical beliefs, trade union membership, mental or physical health, sexual orientation, commission of an offence or crime and conviction for a criminal offence. Controller A person or entity who, alone or together with others, controls the content and use of Personal Data by determining the purposes for which and the means by which it is processed. Data subject A natural person who is affected by the Personal Data, i.e. to whom the data relates directly or indirectly. Sub-processor A person or entity who processes Personal Data on behalf of a Controller on the basis of a formal contract, but who is not an employee of the Controller, and who processes the Data in the course of his or her work. Appropriate file Any set of information about natural persons which is not processed by automated equipment (computers) and which is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information about an individual is readily retrievable.