GDPR, General Data Protection Regulation, is an essential protection of our privacy in a world where the role of internet and personal data never stops to grow. This new regulation gives people the right of sovereignty over personal data and establishes responsibility to organizations using data.
Who is concerned?
- Any person living in the European Union
- Any organization based in the European Union
- Non-EU members if their activity makes them use data from European residents
- Data treatment must be clear, explained, and transparent;
- The reason for data collection must be clearly explained, determined and justifiable by the organization;
- The organization must obtain consent of their users, or their parents/custodians in the case of minors (<16 years old);
- The use of data must be protected by a contract and serving the interest of both the user and the organization, with well-grounded reasons to use it;
- The agreement must be provable by the organization. The individual has the right to stop this agreement whenever he/she wants, and the organization needs to clearly state when they are using any of the individual’s personal data.
SOWISO is of course fully compliant with the GDPR, and luckily, we didn’t have to change the way we handle personal data. User-provided personal data has always only been used by us to ensure correct access to, and functioning of, purchased (or free) products. For example: making sure User is categorized in correct class/institution. We also don’t don’t share personal data with third parties, except with explicit consent from the users.
These are some of the ways in which we handle personal data and privacy:
- Because we value privacy, we were one of the firsts to join the Privacyconvenant Onderwijs; a .
- Our data processing agreements are based on the national (SURF) standards.
- We are of course also putting our money where our mouth is, and are We are tested and supported by ICT Institute and ITsec Security Services.
- SOWISO will only store the data as long as needed for the user to use the SOWISO products and no longer than needed to comply with education laws specifying the storage of student-data. In general data will be deleted within 12 months after last user activity, unless the data has to be retained for legal purposes.
- Every user has the right to review and change personal data, or be forgotten entirely. We have now made this a part of our official privacy statement. Deleting all data of a user also means that the user cannot use the SOWISO products anymore and that his study results are deleted.
- We have a processing activities register (Dutch: verwerkingsregister), containing information on what personal data is being processed, and how we do so.
Would you like to know more about our technical and organizational measures, you can contact us at firstname.lastname@example.org or through our contact form.