GDPR by easycom

Introduction

This is a summary of the activities Easycom has carried out, or plans to carry out, in the product and in the organization to meet the requirements that GDPR places on us from the 25th of May 2018.

Summary

With the help of functionality in our user interface and through APIs, Easycom can offer the activities needed according to GDPR and our role as processor (“biträde”) of your data. Data related to your customers in our system consists of personal information connected to your sales and return orders. No usernames or passwords for your customers are handled by the system.

Because of the GDPR demands, Easycom representatives have been trained in this area.

End customer request to be erased from your repositories

Removing customer data in Easycom means anonymizing the personal data connected to orders. The order information (except personal data) is kept at an aggregated level so that we can deliver our services.

The functionality for anonymizing personal data will be found in your administration user interface. There will also be API services available so that you can integrate your internal GDPR processes and thereby automate the removal of specific customer data.

Request for customer information

It will be possible to export personal data, including profitability classification, from your admin user interface. The information will be delivered in a machine-readable format, according to the GDPR requirements.

Data portability – migration of personal data

If a customer wants to get information out of your systems so that it can be used in other systems, the same processes and routines as in “Request for customer information” will be used. The information is thereby machine-readable and supports data portability well.

Secure storage of personal data

The Easycom solution follows the latest techniques for securing data communication and storage. Data is anonymized where possible, and a role-based authorization system limits access to data and ensures that each role has access only to the data relevant to it.

Feature examples supporting secure storage are:

• Access control – Role-based user management.
• Anonymized statistics – Statistics are produced from aggregated data and are thereby anonymized where possible.
• Password management – Your end customers do not have any passwords in our systems, but you, as a customer of Easycom, have a user and password. Those users and passwords are stored encrypted according to the technology standards available at the time of writing.
• SSL is used throughout the system – SSL is used on all the services and sites provided by Easycom.
• Backups – Backups follow the backup routines in Microsoft Azure, which follow the GDPR requirements from the 25th of May 2018.

Secure operations

We process your data according to your instructions, which will be stated in a Data Processing Agreement between us. That means you are responsible for providing such an agreement to us, depending on the sensitivity level of the data we are processing.

We process your data in Microsoft Azure, which will follow GDPR from the 25th of May. More information about their operations and GDPR work can be found here: https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx

Microsoft Azure is certified according to ISO/IEC 27018, which ensures that we have full insight into which countries data is stored in. Yearly audits are performed to ensure that Microsoft Azure follows this standard. Details about this work and the standard can be found here: https://www.microsoft.com/enus/trustcenter/compliance/iso-iec-27018

All external communication to and from Easycom solutions is encrypted.

Subcontractors

We place demands on our subcontractors through agreements that are in line with our internal GDPR work.

Categorization of personal data

As data processor (“personuppgiftsbiträde”), Easycom has categorized the personal data we handle from a sensitivity-level point of view according to GDPR demands.