The General Data Protection Regulation (GDPR) is a new legal framework for data protection legislation in the EU and comes into force on 25 May 2018. Unlike EC Directive 95/46, which governs this processing before this point, the GDPR has a direct effect within the European Union and does not need to be transposed at national level. This will seek to harmonize the laws governing the processing of personal data in Europe and, under certain circumstances, its scope can be extended beyond the borders of Europe.
If you are an organization that processes personal data, you are most likely to be subject to the GDPR provisions. In this sense, you are subject to obligations and you must respect them. The same applies to Swiss EstetiX SRL, which, given its situation, is bound by different obligations as a processor and data controller.
Understanding the specific realities of European regulations is not an easy task when the GDRP regulation contains 99 articles and numerous guidelines on how it will apply. Understanding these issues is, however, essential to avoid any risk that might arise from an imprecise interpretation of your organization’s regulatory obligations. It is therefore essential to understand correctly the terms defined below:
Personal Information: Any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be identified directly or indirectly.
Processing: Any operation or set of operations that is performed on personal data or on personal data sets, whether automated or not, such as collecting, recording, transmitting, storing, preserving, retrieving, consulting, using or other operations.
Operator: a natural or legal person, public authority or other body that alone or with others determines the purposes and means of processing personal data.
Processor: a natural or legal person, public authority or other body processing personal data on behalf of the operator.
Data protection ensures that people’s data is kept secure and used for clear purposes that the individual has accepted.
Data privacy refers to IT security and to measures taken to keep data safe while in an organization or while it is transferred to a third party.
In accordance with GDPR, you are required to make sure that the records are accurate and up to date, and the information is kept only as long as the organization needs it or kept under the law.
Data clearing seems the most sensible first step, this should determine how long certain types of information should be kept before they are safely removed. A person designated in the company should be appointed as responsible to ensure that this is regularly monitored; so the organization respects the deletion of data it no longer needs.
If you have not set the data you want to process, the processing time, or the purpose, please let us know in order to comply with the Rules. Swiss EstetiX SRL as processor
Processing of personal data only for the purpose of performing the services correctly: Swiss EstetiX SRL will never process your information for purposes other than for the provision of services (marketing, etc.).
Apply strict security standards on servers and infrastructure to ensure a high level of security for our customers.
Reporting any violations of data without “undue delay”.
As an authorized person, from the perspective of the Regulation, we process only the personal data you have set up for the indicated time and for your purposes as an operator. We assure you that your data is safe, remain your property and are stored only on servers in Romania.
The back-up system is well-implemented and secured in the European space, and no one outside our technical department staff has access to these systems.
Swiss EstetiX SRL as operator
Your personal data may be processed by other entities designated by Swiss EstetiX SRL to process the data on its behalf and on its behalf. However, Swiss EstetiX SRL remains your data carrier. Thus, it is possible to transmit the data to public authorities, external consultants, empowered to whom we outsourced the provision of certain services from Romania