Personal data management policy (GDPR)
The purpose of this policy is to ensure that we handle personal data in accordance with the EU General Data Protection Regulation (GDPR). The policy covers all processing operations where personal data is handled and includes both structured and unstructured data.
This policy is supported by our owners, board of directors and our employees.
Application and revision
The Board of directors is responsible for ensuring that the processing of personal data complies with this policy.
The policy shall be adopted by the Board of directors at least once a year and updated as necessary.
Our Chair is responsible for managing the process of updating the policy annually in response to new and changing regulations.
This policy applies to company directors, employees and contractors involved in our activities.
Organization and responsibilities
The Chair of the Board of directors has the overall responsibility for the content of this policy and for its implementation and compliance by the business.
All employees are responsible for acting in accordance with this policy and what it seeks to ensure.
Terms and abbreviations
Personal data: Personal data is any information that can be directly or indirectly attributed to a living natural person.
Data subject: The person to whom the personal data relates, i.e. the natural person who can be directly or indirectly identified from the personal data in a register.
Processing of personal data: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization and structuring.
Processing of personal data
Any processing of personal data shall be carried out in accordance with the following principles:
- Legality
- Purpose limitation
- Task minimization
- Correctness
- Storage minimization
- Privacy and confidentiality
Monitoring and evaluation of our processing of personal data shall be carried out at least annually.
Any incidents relating to personal data that we process must be reported without delay to Christel Brink who, without undue delay and within 72 hours at the latest, must report the incident to the Swedish Data Protection Authority and otherwise take the necessary measures as a result of the incident.
Our requirements for handling personal data in accordance with the GDPR must always be ensured in the procurement and development of IT solutions and services, and must be part of the requirements specification and any agreements.
Tangaroa AB - 2024-05-06