Policy for the processing and protection of personal data
The data protection policy applies to PH-EL Sikring ApS (the company).
Henning Niemann has been appointed as responsible for the implementation of the data protection policy.
The policy should help ensure and document that the company protects its personal data in accordance with the rules on the processing of personal data. The policy also contributes to the company providing information about the processing and use of the registered personal data.
The policy is reviewed every year.
Record of processing of personal data
The company processes personal data on:
The company has compiled a record of the processing of personal data. The record provides an overview of the processing for which the company is responsible.
The personal information is a prerequisite for the Company to enter into employment, customer and supplier contracts.
The purpose and legality of the processing
The personal data is processed and archived in connection with:
- Personnel management, including recruitment, hiring, resignation, reimbursement application, sick leave, employee development interviews and payroll.
- Master data for customers as well as orders and sales, including the collection of cookies on the website
- Master data for suppliers as well as requisitions and purchases
- Video surveillance
The processing is lawful by virtue of the legal basis stated in the attached list.
The company does not use the personal data for purposes other than those listed. The company does not collect any more personal information than is necessary for the purpose.
Storage and deletion
The company has introduced the following general guidelines for the storage and deletion of personal data:
- Personal information is stored in physical folders.
- Personal information is stored in IT systems and on server drives.
- Personal data is not stored for longer than is necessary for the purpose of the processing.
- Personal data for employees is deleted five years after employment is terminated, and personal data on applicants is deleted after six months. Penal certificates for employees, where keeping them on file is required, are deleted immediately upon resignation.
Based on the attached risk assessment, the company has implemented the following security measures for the protection of personal data:
- Only employees who have a work-related need for access to the registered personal data can access it either physically or through IT systems with rights management.
- All computers have a password, and employees must not pass on their passwords to others.
- Computers must have firewall and antivirus software installed that are constantly updated.
- Personal data is erased in a proper manner when phasing out and repairing IT equipment.
- USB keys, external hard drives, etc. with personal data must be stored in a locked drawer or cupboard.
- Physical folders are located in a locked office or in locked lockers.
- Personal information in physical folders is deleted by shredding.
- All employees should receive instructions on what to do with personal data and how to protect personal data.
Personal information about employees can be disclosed to public authorities, e.g. SKAT and pension companies.
The company uses data processors only if the data processors provide the necessary guarantees that they will implement the appropriate technical and organizational security measures to comply with the requirements of personal data law. All data processors sign a data processor agreement before processing is initiated.
The company safeguards the data subjects' rights, including the right of access, withdrawal of consent, rectification and deletion, and informs the data subjects about the company's processing of personal data. The data subjects also have the right to appeal to the Data Inspectorate.
Violation of personal data security
In the event of a breach of personal data security, the company shall report the breach to the Data Inspectorate as soon as possible and within 72 hours. Director Henning Niemann is responsible for ensuring that this happens. The notification describes the breach, which groups of persons it concerns, what consequences the breach can have for these persons, and how the Company has remedied or will remedy the breach. Furthermore, in cases where the breach involves a high risk to the persons about whom the Company processes personal data, the Company will notify them. The company documents all breaches of personal data security on restricted server drives on its own server, which are physically stored at the company's address.