Project Frisket is located in Belgium and therefore we need to be ready to face GDPR. As this most strict regulation comes into force in May 2018, we make sure we apply the GDPR standards to all personal data we process.
GDPR for all our EU and non-EU customers
The General Data Protection Regulation (EU) 2016/679 is an EU regulation on data protection and privacy for all individuals within the European Union. It comes into force on the 25th of May 2018 and replaces the 1995 Data Protection Directive. The aim of the new regulation is to give European citizens more transparency and control over their personal details, so that they know how their personal data is processed, and to give them back ownership of their personal data.
Main GDPR Rules
- Responsibility for data security
In November 2017, thanks to a successful implementation of the Information Security Management System (ISMS), we received ISO/IEC 27001:2013 certification. This means we have a proven framework consisting of policies and procedures in place for systematically managing sensitive data.
- Data protection by Design & Default
This means that from the start of a project (when designing the End-User's data flow) we choose the best way to protect the data and the least privacy-sensitive option.
For each project we define how the data flow is organised, how End-User information and consent are organised, and how access to data is organised.
For all questions with respect to privacy and security we have:
- a number of public reports available for our customers and third parties,
- a technical email address for End-Users,
- a Data Protection Officer available to address all other questions.
- New End-User Rights
We have procedures in place for all End-User rights:
- Data access
- Data rectification and erasure
- Objection to data processing
- Data portability
- Duty to report Data Breaches
We are very happy to inform our customers that so far no data breaches have occurred. We do have a system in place that controls any attempts, and procedures in place to act upon them.
- Appointing a Data Protection Officer (DPO)
We have appointed a Data Protection Officer who is the first point of contact in case of any concerns or questions related to our personal data policies or practices. Our DPO contact details:
Q 1.6 / Project Frisket BVBA
Franklin Rooseveltplaats 12 bus 14
- Previously we had a PP and ToU for HR and Healthcare projects. We combined both types of End-Users by changing the definitions:
- patients and employees into End-Users
- hospitals, doctors and employers into clients and third parties
- We made sure our PP is written in plain language and clearly explains how we process personal data
- We added the new End-User right of data portability
- We added the legal basis for each of the data processing services
- We added the process for how to act in case children are using the Q1.6 App
The PP and ToU can be found on our website and in the Q1.6 App Settings.