Responsible Person: Charlotte Noble - firstname.lastname@example.org
Data Protection Policy
1. Definitions as per Article 4:
1.1 GDPR: stands for General Data Protection Regulation
1.2 Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly, in a particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
1.3 Processing: means any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or
1.4 Restriction of Processing: means the marking of stored personal data with the aim of limiting their processing in the future.
1.5 Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural persons performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
1.6 Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State Law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law;
1.7 Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1.8 Recipient: means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State Law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
1.9 Third Party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor are authorised to process personal data.
1.10 Consent: of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1.11 Cross-border Processing means either:
a. Processing personal data which takes place in the context of the activities of establishments in more than one member state of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
b. Processing of personal data which takes place in the context of the activities if a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
2. Principles relating to processing of personal data as per Article 5.
Randridge Technologies is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
a. Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
b. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with
Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)
c. Adequate , relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
d. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purpose for which they are processed, are erased or rectified without delay (‘accuracy’);
e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed solely for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes in accordance with Article 89(1)
subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)
f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)
The register deals with the personal data collected from clients (referred to as ‘The Customer’) and the customers of the Data Transfer Service of Randridge Smart EV t/a Randridge Technologies. (Referred to as ‘The Company’)
4. Purposes & Basis for Processing of Personal Data
The purpose of collecting the Customer personal data is to manage and maintain a working relationship between the customer and the company. Furthermore , the use of existing customers' personal data is aimed at direct marketing of services and products of the company. The basis for the
processing of personal data is a legal/real and true interest of the Company or the Customers' (based on a written agreement) relationship with the Company (application of the contract) and, where appropriate, the customer permission.
5. Personal Data to be Processed:
Using its Customer Register, the Company processes the following Personal Customer Information:
- Customer name
- Customer’s contact information (postal address, email address and contact details)
- Customer username
6. Regular Sources of Information
Personal information collected from the Customers themselves) e.g. contact details of the data subject via the company’s website, and the written agreement between the company and the customer.
7. Regular Transfers of Personal Data
Personal data is not revealed to third parties and will not be disclosed. Personal data may be passed on behalf of the company to the following affiliates and subcontractors for the purposes of customer relationship management and maintenance. The company works with the following partners and subcontractors at the moment: Liikennevirta Oy.
8. Transfers of Personal Data Outside the EU or EEA
The company may also use other services provided outside the European Union or the European Economic Area for the storage of personal data. The transfer of personal data outside the European Union or the European Economic Area is always focused on any of the following:
- The European Commission has provided that in the recipient country concerned an acceptable degree of data protection will be ensured;
- The organization has adopted sufficient protections for the transfer of personal data, using standard terms of privacy authorized by the European Commission. The registrant is then entitled to obtain a copy of these standard terms by contacting the Company as defined in the' contacts' paragraph or;
- The data subject has given his / her express consent to the transfer of his / her personal data or there is a legitimate basis for the transfer of personal data.
9. Retention of Personal Data
So long as the customer relationship remains legitimate, personal information is kept. Personal data may be retained for a maximum of one year after the termination of the customer relationship. Personal data may be retained when longer storage periods are needed by applicable law (e.g. the Accounting Act) or the Company's contractual obligations to a third party.
10. Registration Rights
At any point, the consumer has the right to object to the collection for direct marketing purposes of his / her personal data. The customer may give specific consent and prohibitions to the company with regard to direct marketing (for example, he / she may forbid marketing e-mails but may permit marketing messages sent by post). Furthermore, the customer is entitled to demand compliance with relevant data protection laws at any time, namely:
- To receive information on the processing of his / her personal data
- To obtain access to his / her personal data and to check how that personal data is handled by the company;
- To request rectification and/or replacement of incomplete and/or inadequate personal data
- To request the deletion of his / her personal data
- To his / her personal situation, even if his / her personal data is processed, even if the processing of said personal data is the legitimate interest of the company.
Collecting personal data in a portable format and transferring this information to another registrar, ensuring that the customer is personally responsible for this. Consumers should submit a request for the execution of the above-mentioned rights using the contract details shown in the report. Until processing this request, the Company can require the Customer to provide details of his / her request in
writing and to verify the identity of the Customer. Based on applicable law, the Company may refuse to execute the request.
11.The Right to Appeal to the Supervisory Authority
The Customer shall have the right to lodge a complaint with the relevant supervisory authority or with the supervisory authority of the EU Member State where the Customers place of residence or work and if the registrant considers that the company has not handled the personal data in compliance with
applicable data protection laws.
Any digitally processed personal data is protected and stored in the information system of the Company, which is only accessible to persons who need this information in order to fulfil their legitimate duties. Both people have access to their personal usernames and passwords respectively.
Personal information sent outside the organization is encrypted.