Versions Compared

Old Version 4

changes.mady.by.user Julian Santos

Saved on

compared with

New Version Current

changes.mady.by.user Raphael Santos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

third partyVersion

1.0

Owner

CTO

Last Updated on

16 Jul

Last Updated by

Julian Santos Bruno Belizario

Approved by

Raphael Santos

Effective Date: [Date you choose, after which there will be consequences for personnel for non-compliance]

Application

This policy applies to all employees, contractors, and vendors while doing business with Ecoportal and others who have access to European Union (EU) and the European Economic Area (EEA) data subject information (“personal data”) in connection with Ecoportal's operating activities.

...

The Ecoportal Information Security and Data Privacy Policies are a component of the GDPR Policies and implement controls which support GDPR compliance.

Responsible Person

[NAME], [TITLE], [EMAIL], [PHONE] Daniel Alexander, Chief Strategy Officer, daniel@ecoportal.co.nz has been assigned responsibility for overall oversight of Ecoportal's GDPR compliance program.

...

The Data Protection Officer is: [NAME], [TITLE], [EMAIL], [PHONE]Daniel Alexander, Chief Strategy Officer, daniel@ecoportal.co.nz

Article 27 Local Representative 

...

Representative(s) is/are:

EU Representative: [NAME], [TITLE], [EMAIL], [PHONE], [COUNTRY]

  • Rickert Rechtsanwaltsgesellschaft mbH
    Colmantstraße 15
    53115 Bonn
    Germany

UK Representative:

  • Rickert Services Ltd UK
    PO Box 1487
    Peterborough
    PE1 9XX
    United Kingdom

Implementation

Data Protection

...

  • Collect the data specified by the data subject

  • Search all databases and all relevant filing systems (manual files) in Ecoportal, including all back up and archived files, whether computerized or manual, and including all email folders and archives. Ecoportal maintains a record that identifies where personal data in Ecoportal is stored.

  • Ecoportal will maintain a record of requests for data and of its receipt accessible by Ecoportal's Data Protection Officer, [Chief Legal Data Protection Officer], and/or any other designated Ecoportal representatives. Ecoportal will also keep a record of processing to include dates.

  • Provide data subjects an online mechanism to making request and all such requests will be logged.

  • Ecoportal will acknowledge the SAR within three (3) days of the initial request and respond to any SAR within 25 days of the initial request.

  • SARs from employees or previous employees will be coordinated with HR and the employees' current or previous departmental leadership.

...

  • Ecoportal may withhold information requested under SAR in accordance with Article 23 of the GDPR or any similar exemption under applicable law. Any such exemption must be reviewed and approved by the Data Protection Officer or [Chief Legal Data Protection Officer].

SAR Limits

Where permitted by law, such as Article 15 of the GDPR, for any further copies of personal data collected by Ecoportal that are requested by the data subject, Ecoportal may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic format.

...

All external communications with customers, regulators and law enforcement shall be approved by Ecoportal

Enforcement

The [roles responsible for the enforcement of this policy, e.g., Chief Human Resources Officer, HIPAA Security Officer, Chief Information Security Officer and Legal Counsel] Data Protection Officer are responsible for the enforcement of this policy.

...