The purpose of this policy is to promote a transparent relationship between a user and the company and provide legal protection to both parties. In addition to the help desk, other departments have to observe the provisions of the GDPR. The marketing department, for example, has to respect these rules in order to use forms and landing pages to capture leads.
List of data collected and purposes
According to the GDPR, every company has to clearly explain how collected data are processed and the purposes of data collection. Also, according to the concept of purpose provided by law, such purposes must be legitimate, specific, explicit, and informed.
Indirect data collection
In addition to data explicitly requested from users, many digital applications often use data that are collected indirectly, for instance, IP number of a device, location data, pages visited of a website, among other information that may identify a user.
Sharing data with third parties
If a company shares collected data with third parties, the user has the right to know it is happening and why. Sharing data is critical in specific situations; for instance, when specific activities are performed by outsourced companies.
Data subject rights
- confirm the existence of data processing;
- access data being processed by a company;
- correct incomplete, incorrect, or outdated data;
- anonymize, block, or delete unnecessary or excessive data;
- request data portability to another service provider;
- cancel a previous consent for data collection and processing.
Data controller identification and contact
Data controllers must be properly identified, and such identification should include contact information. This information should be publicly disclosed for easy access by data subjects.
Want to know more about it? Contact us and see how to implement the GDPR!
Check the Milvus webinar about trends of the GDPR and the current scenario of companies, which is on our YouTube page.