Our promises for data protection
Data protection is of biggest importance to us. And we work continously with questions regarding data protection and GDPR. Here you can read about our eight promises for data protection. They are an important part of our Code of Conduct.
We promise to ensure all Kivra’s employees have sufficient knowledge about the requirements under the data protection legislation and to make everyone at Kivra aware of the importance of handling personal data with care and integrity in compliance with the fundamental principles of the GDPR and Kivra’s Data Protection Promises.
2. Data Inventory
We promise to know and continue to know what personal data we collect, how we use it, who we share it with, ensure we have a right to process it and that we are doing so in accordance with the requirements under the data protection laws.
We promise to process personal data in a transparent manner in relation to the individuals whose personal data we process.
4. Third Party Management
We promise to keep the personal data we process safe throughout its life cycle. This means that we will only share personal data with external parties if we have a legal basis to do so and if we feel confident that such party will process the personal data in accordance with the data protection legislation and Kivra’s instructions.
5. Rights of Individuals
We commit to honor the rights of those people whose data we process (rights related to information, access, rectification, erasure, restrictive processing, data portability, object and automated decision making/ processing).
6. Secure processing
We promise to implement and maintain appropriate technical and organizational security measures which are appropriate to the level of risk we have identified and to ensure that our processing of personal data complies with the applicable laws. We promise to keep the personal data we process secure by conducting regular assessments of our security risks so as to adopt a risk-based approach when implementing and updating our security program.
7. Appropriate safeguards for data transfers
We promise not to transfer personal data unless appropriate safeguards are in place for the transfer. We particularly promise not to transfer personal data to a country or territory outside the EU/EEA (“third country”) unless an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data can be ensured.
8. Privacy by Design and Default
As we innovate and build or deploy new tools, features and methodologies, we will ensure that compliance with privacy laws and our 8 Promises is considered at the earliest possible stage so that we can comply with the requirement for “privacy by design” under the GDPR which also includes “privacy by default”.