- Doro Group
- Corporate Governance
- A responsible governance
- General Meeting
- Board and Management
Information concerning our progress with GDPR
As of the 25th of May 2018, the General Data Protection Regulation (GDPR) will become applicable law for all the member states of the EU and the EES. It is the most extensive legal reform concerning personal integrity in the last 20 years and will bring a lot of changes, such as stronger protection for an individual’s personal integrity and a more extensive responsibility for data controllers such as Doro.
We are well aware of the changes that are coming and we have been working with, and prioritised, the implementation of the GDPR into our organisation to assure we are compliant by the time the GDPR comes into force. We deeply value our customers trust and we feel that when you use our services or interact with us, it should be a given that you to feel safe in the knowledge that we are only processing the data we need in a secure manner.
Where are we now?
Doro has always valued personal integrity and the safety of our clients, customers and consumers. We are aware that some of these may be in the later stages of life and might, sometimes, need a little bit of extra help. Therefore, we engaged our whole organisation with questions concerning the GDPR from an early stage. We are working with our lawyers and we have worked together with external experts. We have also appointed a Data Protection Officer (DPO) whose task is to work with issues related to the protection of personal data within our organisation. Our DPO will continue this work even after the GDPR has come into force.
Our first step was to look at our organisation and identify all the personal data we are already processing. Now, we continue this process by upgrading our routines, continuously oversee our organisation, review our business agreements, educate our employees and scrutinize our security systems. The business conducted under Doro Care is already certified for ISO 27001, which has given us a head start and a stable ground to build on. Our ambition is that you as a customer should never have to be at risk when we are processing your personal data and that you feel safe knowing our employees is aware of, and are working from, our security and confidentiality demands.
Processing of personal data
The data that is being entered into our systems by our customers, and in some cases their users, is processed exclusively according to the customers instructions as well as the instructions in our updated agreements and general conditions. We will not share your data with any businesses or persons in third countries without your knowledge and your consent.
Use of sub-processors (other processors)
Doro mainly manages all the processing of personal data we are responsible for on our own. However, sometimes, we hire and work with different businesses or consultants that support us in our work. We are very thorough in our elimination process when hiring a sub processor and we always make sure our final candidate is competent and can, at the very least, uphold the confidentiality and security levels we demand. We will make sure you are given information about any sub-processors that have the right to access your personal data.
Safety and protection
The GDPR demands that we work and only process data that is secured by the appropriate technical and organisational measures needed to ensure a level of security appropriate for your personal data. We strive to always keep a high level of security and build a safe infrastructure that can guarantee the safety when using our services, safe data, safe communications as well as private communication with us through our information channels such as the internet, telephone and e-mail.
For security, our infrastructure has been constructed in different layers that build upon each other. We use, amongst other safety precautions, encryption, verification, safety keys and anonymisation to protect your data. Through our Doro Care service, we process some sensitive personal data which, because of its nature, requires and is secured by an even stronger protection.
How does this effect you as a customer?
In relation to the communes or other companies using Doro Care we are not controllers but processors. This means that personal data that belongs to an individual are being processed and stored by us on behalf of the controller who gathered the data. The controller is always ultimately responsible for the data being processed, but we guarantee that we always fulfil the obligations put on us. These demands will increase through the GDPR. Doro is therefore currently working to look over our processor’s agreements, supplier agreements and our storage limits for personal data. We hope all the organisations we are working with will begin a process of their own to do the same.
We are currently looking at our customer records and we are ensuring any data stored is only for legal requirements. We are also developing new routines so that it will be easier for you as an individual to get in contact with us and exercise the rights you are entitled to through the GDPR. This will ensure that you have a stronger protection and a bigger insight, as well as making it easier for you to be informed.
What can you do?
As a customer it is good to take a small tour around our website and inform yourself about what we do and how we are processing your data. If you are a controller, you can find out more about your obligations from your local supervisory authority. Also, do not forget to keep updated about other companies progress with the GDPR such as Google or Facebook. We work together with these companies but we are not responsible (controllers) for the data that you are giving them since we cannot process nor decide how that data will be used.
What happens now?
Concerning the systems being developed to make it easier for you, as an individual, to exercise your rights and both access and receive information about all the personal data we are processing about you, what we are doing with it and if we are sharing that information with other parties. You will, through this system, be able to demand that we should correct, complete or erase your personal data. You will also be able to easily transfer your personal data, when it is stored digitally in our servers, to another party at your wish.
226 43 Lund
Phone 0046 46 280 50 00
Corporate identification number