Here is all information about GDPR (General Data Protection Regulation)
Buzzador & GDPR
Buzzador’s business idea is to have a database. The database has grown organically by personal sign ups from all its members. Buzzador communicate to the database with offers to participate in campaigns to test and buzz about products and services from 3rd party clients. There is never any direct dialogue between Buzzador’s clients and the database, all communication is via Buzzador (without explicit consent).
- Personal data
- Information Security
– Buzzador collect data from its members to match them with relevant campaigns. The type of personal data that is collected is: name, address, email, interests, marriage status, number of children and if they have pets. When more personal data is required for a certain campaign, this data is collected at time of invitation and kept for the duration of the campaign (maximum 6 months).
– Members are encouraged to accept API:s from 3rd party partners to Buzzador (such as Facebook, Twitter and Youtube). This is for Buzzador to be able to measure reach and engagement the members generate, to share this information with its clients. The member itself is kept anonymous and the data is collected purely to retrieve campaign results to present to client as a summary in the end of the campaign. The connection to the API:s can also be used for screening process prior to a campaign in line with client’s target group and campaign objectives.
– The personal data that is given to Buzzador is never shared with its clients or other 3rd parties unless it has been clearly communicated and consent explicitly has been given by the member.
– By signing up as a member to Buzzador it is necessary to have read and understood and approved the handling of their personal data.
– The policy of how Buzzador handle personal data is available to all its members on its website.
– If a member requires to retrieve the personal data that Buzzador store on them, there is a routine in place for them to do so within 14 days of enquiry.
– The main purpose for keeping the personal data is to be able to match campaigns and offers in line with target group of product/service and interests and demographics of member. A second purpose of keeping personal data is to be able to compare results from surveys and campaigns over time and deal with questions from both members and clients.
– All data will be discarded when it is no longer relevant or necessary for analyses or development for the purposes for which it was compiled.
Buzzador has taken strong security measures in respect of handling of its members’ personal data, questionnaire and analysis systems and gone to great extend to prevent any wrong handling, incorrect use or information being altered.
Responsibility and roles
There is a Data Protection Officer (DPO) assigned to ensure that Buzzador keep the policies in terms of handling personal data. The DPO is Susanne Rooker, who also is the CEO of the company. The IT-manager is responsible to keep all IT-systems updated and in line with the policies of handling personal data. Buzzador’s IT-manager is Sajjad Asif.
Data Protection Officer
– The DPO has the responsibility to report directly to the board of directors in the event of any breach of the policy of personal data.
– The DPO has the responsibility to monitor and supervise the handling of all personal data at Buzzador including its members, partners, employees and clients.
– The DPO has the responsibility to ensure that all IT & security systems are up to date and is in line with the company policy.
– The DPO is the contact person both to external enquiries (from members, partners and clients) as well as internal enquiries (employees, former employees and board of directors).
– Contact information: firstname.lastname@example.org
Principles to access control
The principles to access control is directly in conjunction with each person’s work description. Employees of Buzzador will have access to all systems that is required for them to carry out their work, and limited to those systems that are outside of their working tasks.