Sikker håndtering af dine persondata er en høj prioritering her hos NordicScreen. Derfor har vi høje sikkerhedsstandarder både indenfor det tekniske design af vores løsninger, til valg af underleverandører og til træning af vores medarbejdere. Vi gør alt dette for at forsikre dig om, at vi vil håndtere din data på en pålidelig og sikker måde, med respekt for dit privatliv. På denne side finder du Nordic Screens DPA, sammen med muligheden for at anmode om din egen signerede kopi af DPA’en.
Hos NordicScreen tilbyder vi en standard DPA til alle kunder.
Kontakt os hvis du vil have din egen signerede kopi.
Du finder en opdateret liste af NordicScreens underleverandører på underleverandør siden. Disse underleverandører bruges i forbindelse med levering af de services vi tilbyder.
NordicScreen leverer en standard databehandleraftale til alle kunder i relation til de services vi leverer. Databehandleraftalen er tilgængelig på følgende sprog:
– Engelsk (Primær)
Få tilsendt din egen signerede databehandleraftale ved at kontakte os via [email protected]
Alle opdateringer angående databehandleraftalen, ændringer i underleverandører og generelle betingelser vil blive sendt ud via vores nyhedsbrev Legal. Tilmeld dig og vær sikker på, at du får besked når der er nyt.
Her under kan du læse et engelsk eksempel på vores databehandleraftale. Ønsker du at læse en i på dansk, kan du anmode om at få en dansk version tilsendt jf. ovenstående afsnit Få din egen databehandleraftale.
The purpose of the data processor’s processing of personal data
Processing on behalf of the data controller shall mainly pertain to:
categories of data subject
The purpose of the data processor’s processing of personal information is to ensure the data controller’s access to the product(s) selected, see selected licenses, and to provide the data controller with support for the use of the solution.
Storage of personal data used for the data controller to access the system(s); storage of personal information that the data controller uploads to the systems, including information about meetings, events, etc. as well as storage of personal data in connection with the data processor providing the data controller with support for the system.
Employees of the data controller who are granted access to the products by the data controller.
Persons who appear from the information uploaded to the system by the data controller, e.g. the data controller’s customers.
A.1. The processing includes the following types of personal data about data subjects:
The processing includes the following types of personal data about data subjects
☒ Non-sensitive categories of personal data
Name, password, telephone number, mobile number, e-mail address, IP address, position, language, type of user in accordance with the data controller’s choice.
In addition, any personal data that the customer chooses to upload in connection with the use of the systems are processed, including information about meetings, events and information from the customer’s calendar system when using Q-Cal.
Special categories of personal data (tick the boxes)
☐ Racial or ethnic origin
☐ Political opinions
☐ Religious beliefs
☐ Philosophical beliefs
☐ Trade union membership
☐ Health data
☐ Sex life or sexual orientation
☐ Genetic or biometric data for the purpose of identification
☐ Criminal convictions and offenses
A.2. The data processor’s processing of personal data on behalf of the data controller may be performed when the Clauses commence. Processing has the following duration:
The processing takes place until the end of the month in which the customer relationship ends + 30 calendar days.
In connection with support for the system, the written documentation regarding the support case is stored for 2 years, in order to ensure traceability and documentation.
SubcontractorsAn updated list of sub-processors used can be found at any time on NordicScreen’s website.The data controller shall on the commencement of the Clauses authorise the use of the abovementioned sub-processors for the processing described for that party. The data processor shall not be entitled – without the data controller’s explicit written authorisation – to engage a sub-processor for a ‘different’ processing than the one which has been agreed upon or have another sub-processor perform the described processing.APPENDIX C – INSTRUCTION PERTAINING TO THE USE OF PERSONAL DATAC.1. The subject of/instruction for the processingThe data processor’s processing of personal data on behalf of the data controller shall be carried out by the data processor performing the following:The data controller creates an account in which the data controller’s administrator can create users who have permission to access the customer’s account. NordicScreen only accesses the information that the customer uploads to a system if the customer requests support and such access is necessary to provide such support, or if special operational conditions make it necessary, e.g. when handling threats.C.2. Security of processingThe level of security shall take into account:As only personal data of a non-sensitive nature are processed (Article 6), and at the same time, it has been assessed that the impact on the rights and freedoms of the data subject is low, it has been assessed that it is sufficient to establish a low level of security.Subsequently, the data processor is entitled and obliged to make decisions about which technical and organizational security measures must be implemented to establish the necessary (and agreed) level of security.However, in any case and as a minimum, the data processor must implement the following measures:All communication on public networks must be encrypted.Where possible, access to the system is done with a 2-factor login and may only be done using a personal username and password.Any access and access attempts must be logged.All servers must be backed up.Through internal policies and internal supervision, NordicScreen ensures that all employees are aware of the security requirements that must be followed in order to achieve adequate processing security, including requirements that· Personal data in print may not be brought along in connection with working from home· Personal data may not be accessed in non-secure areas, including in public spacesNordicScreen also ensures that employees can only access the system if they are authorized to do so and that the systems are accessed solely as part of the performance of the work.NordicScreen follows internal policies and procedures for the secure storage of the information. The security level is continuously evaluated and audited internally at least once every year.NordicScreen has locked rooms where key cards and code locks are required to gain access.C.3. Assistance to the data controllerThe data processor shall insofar as this is possible – within the scope and the extent of the assistance specified below – assist the data controller in accordance with Clause 9.1. and 9.2. by implementing the following technical and organisational measures:At the data controller’s specific request and considering the nature of the processing, the data processor assists the data controller in fulfilling the data controller’s obligations regarding the exercise of the data subjects’ rights as set out in the personal data legislation.Requests made by data subjects to exercise their rights must be passed on without undue delay to the data controller.At the specific request of the data controller, considering the nature of the processing and considering what information is available to the data processor, the data processor assists the data controller in complying with its obligations, see Articles 32-36 of the General Data Protection Regulation:· Processing safety· Personal data breaches, including notification to data subjects· Impact analysis· Prior enquiries with supervisory authoritiesC.4. Storage period/erasure proceduresPersonal data is stored until the end of the month in which the license agreement expires + 30 days. After that, the information will be deleted.Information included in any support cases is stored for 2 years after the support case is closed. After this, the information is deleted.C.5. Processing locationProcessing of the personal data under the Clauses cannot be performed at other locations than the following without the data controller’s prior written authorisation:NordicScreen ApSNormansvej 18920 Randers NVDenmarkReference is made to the locations that appear from the list of sub-processors attached as Appendix B.C.6. Instruction on the transfer of personal data to third countriesThe data processor may transfer personal data to third countries in connection with the use of the approved sub-processors.Transfer to third countries may potentially take place using sub-processors based in a third country, but where the personal data is stored in the EU.Transfer to third countries will take place directly using individual sub-processors.C.7. Procedures for the data controller’s audits, including inspections, of the processing of personal data being performed by the data processorOnce a year, the data processor prepares a report to the data controller, documenting that the agreed level of security has been maintained and that these provisions have been complied with. The report will be published on the https://nordicscreen.com/.If the data controller should wish to receive an auditor’s statement or to carry out a physical inspection of the data processor, this is to be done at the data controller’s expense.Version:
Ta’ med til live webinar og lær hvordan en møderumsskærmsløsning kan optimere din virksomheds brug af jeres mødefaciliteter.
Vi ved, at du allerede har en kalender du foretrækker, derfor gennemgår vi også, hvordan du kobler løsningen sammen med din eksisterende kalender. Samtidig tager vi også et kig på de fordele der er ved at integrere din møderumsskærmeløsning med din infoskærmsløsning.