Principle
Rights of data subjects; Connect2Trust Foundation as data controller
Principle
The Connect2Trust Foundation takes responsibility for the careful and secure collection, processing and storage of personal data of participants and other data subjects. When data subjects exercise their legal rights – such as the right to information, inspection, correction or deletion – the Connect2Trust Foundation will facilitate this in accordance with laws and regulations.
Implementation
The ‘data subjects’ can exercise their rights by contacting the chairman and/or secretary of the Connect2Trust Foundation, who will then handle the request (or have it handled).
Rights of data subjects; Connect2Trust Foundation as processor
Principle
Implementation
‘Data Subjects’ can exercise their rights by contacting the chairperson and/or secretary of the Connect2Trust Foundation, who will then handle the request (or have it handled).
Overview of processing
Principle
Measures
At a minimum, the register will include: process, process owner, description of personal data, classification, retention period, purpose of processing, recipients of the information, data exchange with third parties, third countries (when applicable), appropriate safeguards, risks and measures, and whether or not a data protection impact assessment (DPIA) has been carried out.
DPIA
Principle & measures
The Connect2Trust Foundation carries out a Data Protection Impact Assessment (DPIA) on processing operations of personal data for which the Connect2Trust Foundation is responsible, if this is required by law or offers added value (risk management).
Privacy-by-Design & Privacy-by-Default
Principle & measures
The Connect2Trust Foundation applies Privacy-by-Design and Privacy-by-Default in the design and deployment of systems that process personal data.
Instructions
Participants who procure, build and/or provide systems are aware of the requirements of the GDPR (AVG) and embed this knowledge and functionality in the relevant systems.
Data protection officer
Principle
Given the very limited scope of activities around processing personal data, the Connect2Trust Foundation does not make use of the possibility to (voluntarily) appoint a Data Protection Officer (FG). Given the professional background of the participants, sufficient knowledge is present and – when relevant – activities around personal data protection are coordinated by the chairman and/or secretary of the Connect2Trust Foundation. This includes any contact with the Personal Data Authority or other stakeholders.
Duty to report data breaches
Principle
The Connect2Trust Foundation takes responsibility for handling data breaches appropriately.
Measures
The Connect2Trust Foundation will always register a (suspected) data breach and, if relevant, the chairman, vice-chairman and/or secretary of the Connect2Trust Foundation will report the incident to the Personal Data Authority and the person(s) involved.
Instructions
Third parties and the participants report a (suspected) data breach to the chairman and/or secretary of The Connect2Trust Foundation (contact details are included in the Privacy Statement).
Processor agreements
Principle
Measures
In the cases mentioned in paragraph 9.1, approval of the board of the Connect2Trust Foundation is always required. If necessary, the board will seek (legal) advice from specialists.
Principles
Principle
Measures
Instructions
If participants of The Connect2Trust Foundation are faced with any processing of personal data based solely on the consent of data subjects, approval of the chairperson and/or secretary is always required.
Speech
Principle
The chairman, vice-chairman and/or secretary are responsible for speaking out about incidents or undesirable situations involving the protection of personal data by the Connect2Trust Foundation, so that material and immaterial (reputational) damage to the Connect2Trust Foundation and third parties can be minimised or prevented.
Measures