Privacy and personal data
On 25 May 2018, the new EU data protection regulation, the GDPR (General Data Protection Regulation), came into force. In short, it is an EU regulation that aims to strengthen the protection of private individuals when their personal data is processed. When it entered into force, it replaced the Data Protection Directive of 1995, as well as the national regulations then in place in all Member States. In Sweden's case, this was PUL, the Personal Data Act.
GDPR also imposes new requirements on all companies, authorities and organizations that collect and handle personal data. In simple terms, GDPR makes the rules on the protection of personal data more concrete, and clarifies who is responsible for data that is handled and stored. If you store or otherwise process personal data, it is important that you familiarize yourself with the basics of the GDPR.
Here you can find information about GDPR and what it means:
To keep in mind when processing personal data in our services
Some concrete tips we can give when it comes to personal data processing linked to our services are:
• Do not process personal data that you do not need (regardless of consent) and, if possible, refrain from processing especially sensitive data (ID numbers, criminal records, medical records etc.), as this requires extra steps.
• Make sure that the information you process is covered by a legal basis.
• Make sure that you are aware of your obligations as a data controller.
• Use encrypted protocols for e.g. your web, email and file transfers.
• Keep the applications where data is processed secure and constantly updated, and restrict access to data as much as possible.
Important documents for you as a customer
We have gathered some important documents that apply to you as a customer of Binero.Cloud since the GDPR came into force.
- General Terms & Conditions (Swedish)
- Terms and conditions regarding custom infrastructure services (Swedish)
- Data protection policy (Swedish)
- Data processor agreement (DPA) (Swedish)
- Processing of personal data (Attachment 1 to the DPA)
Binero as personal data controller
We act as personal data controller (controller) for you as a customer, and for the information you enter when registering for our services. This means that we assume the responsibility that the GDPR places on data controllers regarding the processing of your personal data. Our customers can in turn be personal data controllers for information they collect and store in our services, and our role can in that case be that of “data processor” to our customers. In the document “Data protection policy” you will find all information that applies to you as a client with us.
Binero as data processor
For clients who on their end store other individuals' personal data within our services, we might act as a data processor. This is mainly important for you as a customer to keep track of, and you as a personal data controller need to make sure that you have an agreement regarding any subprocessors. We have developed such an agreement together with our legal partners, and it applies to all our cloud customers. That agreement (the “DPA”), together with Appendix 1, our general terms and conditions and our data protection policy, is the set of documents that you should use when you consider us as a data processor.
We work continuously with our law firm to have the best agreements and conditions possible, and have built up good routines and systems for data protection and GDPR processes with the help of external suppliers who work exclusively with this.
Trained and aware staff
We have regular internal training for all our employees in all departments. We also have cutting-edge expertise and supplier / system support to keep us updated. We work actively to comply with the directives and try to make this easier for our customers as well.
We are certified according to the quality standard ISO 9001, the environmental management standard ISO 14001 and the information security standard ISO 27001, and have met the strict requirements for routines, processes and various systems contained in these.
Other important information about how we work with GDPR, both as a processor and as a controller, can be found in our data protection policy and our appendix to the DPA, which describes how we process personal data in our capacity as data processor.