Elastisys Privacy Plan
- Comply with EU GDPR
- Comply with EU ePrivacy Directive
- Comply with EU Digital Services Act
- Act as a frontrunner in privacy and data protection
- The Data Protection Officer (DPO) is overall responsible for compliance with data protection regulations.
- Elastisys acts as:
  - A Data Processor, when processing Customer Data (“data of customers”) as part of our offerings.
  - A Data Controller, when processing prospect lists (“data on customers”) and employees' personal data.
  - A Joint Data Controller in relation to the company's LinkedIn, Instagram, Twitter and YouTube Pages.
- As a Data Processor, Elastisys processes all Customer Data (including personal data) under the Data Protection Agreement at ToS A1.
- As a Joint Data Controller:
Where to put privacy policies?
- Clearly mark when the data subject exits Elastisys digital properties.
Social media appearance: For people who are not regularly present on social media, or who might not expect to appear on social media, please proceed as follows:
Ask via email and CC email@example.com the following question:
We're planning to share a picture on our social media, and you're in the image. We want to make sure we have your consent before posting it. The choice is entirely yours. Could you kindly reply with a simple "yes" or "no"? Your response is much appreciated. Thank you!
The Commercial function keeps consents received via email in a special folder.
What about cookies?
- Only use strictly necessary cookies and similar technologies.
What data to process?
- Minimise personal data collection. Use anonymisation and pseudonymisation where appropriate, e.g., IP addresses can be trimmed to their /24 subnet.
How to safeguard personal data?
- Minimise access to collected personal data.
- Minimise retention of personal data.
- Always use encryption-in-transit.
- Use encryption-at-rest as much as possible.
How to choose suppliers?
- Use Swedish and EU suppliers as much as feasible.
- The DPO has final sign-off authority on any changes in personal data flows.
What about continuous improvement?
- The DPO performs regular privacy audits.
What if something doesn’t look right?
- Report deviations from these guidelines to our DPO or via our deviation management process.
- Report any suspected breaches to our DPO.
IT Systems Outside this Privacy Plan