GDPR and IT security
Feel safe with Vinna Matchen

The EU's new law on personal data, commonly referred to as the GDPR*, came into force on 25 May 2018.
We want you as a customer with us to feel secure with how we handle personal data. Therefore, we have handled the changes required for the GDPR adjustment.
* GDPR stands for General Data Protection Regulation and is a new data protection regulation from the EU. GDPR replaces the current Personal Data Act (PUL). The law is there to protect the privacy of individuals and intends to modernize, harmonize and strengthen protection within the EU.
Where can personal information be found in Vinna Matchen?
The web applications
In the web application itself, there are registers for users and their login information (name, e-mail, password) as well as names linked to business / business-critical information (improvements, other matters, comments, meeting minutes, uploaded attachments, process descriptions and survey responses, where surveys are anonymous by default).
Files for data loading
The files that are emailed in for data loading in some cases contain data that counts as personal data.
How do we ensure that personal data is protected and the rights of data subjects are fulfilled?
Vinna Matchen helps our customers comply with the GDPR in the role of personal data assistant, is responsible for the technical security measures, and ensures that storage of and access to the personal data take place securely. As a customer, you are responsible for all processing of personal data in the web application.
✓ Only goal control information must be stored in Vinna Matchen
According to the GDPR, a business has the right to store information that is necessary to be able to run the business. This is the type of information that Vinna Matchen's web application is made for, and we encourage our customers to register only what is necessary for the purpose. Our surveys are anonymous by default, but if the customer designs a survey so that the answers can be linked to a person, we urge customers to add an initial question about approval of data storage to the survey.
✓ Responsible for processing personal data in our web application
You as a customer are responsible for all processing of personal data in our web application Vinna Matchen. Vinna Matchen AB is a personal data assistant and takes technical and organizational security measures so that you can feel secure that your personal data is processed securely.
✓ Information to users
New users receive GDPR information when they register themselves as users.
✓ The right to be forgotten and extracts from personal data
We or our customers can already today remove users from the web application. The web application retrieves the users' e-mail addresses where these need to be written, for example to assign responsibility for an action, which also simplifies register extracts and the right to be forgotten.
✓ Control of IT security
Our web application, including its data, is stored in Sweden with high security both technically and with regard to monitoring. There is redundancy for storage and networks with failover, as well as redundant cooling / climate systems and electricity supply. Backup is taken daily and saved for 14 days by default. We have also replaced the website's SSL / TLS certificate and have encrypted e-mail. We also apply "Privacy by design / default", i.e. in the development of the web application we take care not to store more personal data than necessary.
✓ Handling and deleting data
The web application only uses the customer's data for the customer's own needs. Customer data is saved during the time the business is a customer of Vinna Matchen. Data files that are emailed in are usually deleted after 3 months or based on when the data file is not needed for any restoration of data in dimensions. Users' email addresses are also protected from other uses. In addition to the customer's own e-mails, they only receive Vinna Matchen's own e-mails with relevant user information. These news e-mails have a simple deregistration function.
Read more about GDPR on the Privacy Protection Agency's website.