This is a compilation of questions and answers we have gathered regarding GDPR (General Data Protection Regulation).
Q. Who is responsible for maintaining a data processing agreement?
A: It is a shared responsibility among the companies involved.
Q. What type of personal data is in our systems?
A: The following applies to iChemistry and iDistributor:
- First and last name
- Email address
- Employee ID
- Phone number
Q. Where is the data stored?
A: Within the EU.
Q. There is personal data in our risk assessments. Is it okay to save it according to GDPR?
A: Regarding risk assessments, other regulations apply, and saving personal data is OK.
Q. Who is responsible for the removal of personal data when an employee terminates employment?
A: Data Controller.
Q. We save personal data in History and in the risk assessment functions. Is it okay to save it here?
A: We use personal data deemed necessary for the system.
Q. What measures have we taken to ensure the transfer of personal data?
A: This is done through SCC agreements, i.e., Standard Contractual Clauses (SCC)
Q. When is the transfer outside the EU/EEA allowed?
A: Under certain conditions, it is allowed to transfer personal data outside the EU/EEA-
There is a decision from the EU Commission that a specific country outside the EU/EEA ensures an adequate level of protection.
- Appropriate safeguards have been taken, such as Binding Corporate Rules (BCR) or Standard Contractual Clauses (SCC).
- Special situations and individual cases.