Personal data management policy
1. Purpose and concepts
The purpose of this policy is to ensure that RMD handles personal data in accordance with the European Data Protection Regulation (GDPR).
Personal data is any information that can be directly or indirectly attributed to a living person. For example name, image, social security number, contact information, behavior or IP address.
The policy covers all the ways in which personal data is handled, such as collection, registration and storage. It comprises both structured and unstructured data.
2. Organization and responsibility
The CEO has overall responsibility for the content of this policy and that it is implemented and enforced by the business. The CEO might delegate the responsibility of this policy to a Security Manager. All employees are responsible for acting in accordance with this policy. Follow-up and evaluation of our handling of personal data is done at least annually.
3. Collection and processing of personal data
RMD collects personal data to maintain contact with customers, investors and other stakeholders. The register can be used for example to deliver newsletters or log in to the website.
Personal data should only be processed for specific and explicit purposes and should not be used for anything beyond these purposes.
The data is stored on secure servers according to current legislation. It is deleted when the purpose of the treatment has been completed.
Partners who work on behalf of RMD may have access to personal data needed for a specific task.
RMD may also disclose personal data to third parties such as the police or other authorities, if it is a crime or if we are otherwise obliged to disclose such information with the support of law or authority decisions.
6. Legal basis
All personal data is handled per applicable legislation. RMD handles the data in order to fulfill agreements or other legitimate interests, such as to maintain relationships with stakeholders.
7. Questions and complaints
Any incidents relating to the personal data that we process should be reported to RMD without delay. RMD shall report the incident to the Data Inspection Agency without undue delay and no later than 72 hours and take the necessary measures as a result.
You have the right to get access to your data and to correct inaccuracies. You can also revoke your consent to the collection and, if there are no legal obstacles, get the data deleted.
If you have any questions about this information text, or if you want to exercise any rights in accordance with what is stated, you can contact RMD at firstname.lastname@example.org.