How D&E Bearings works with GDPR and personal integrity
On May 25, 2018, European legislation will enter into force. The law requires, inter alia, that companies report the personal data that they collect, why they do it and how long it is stored. Companies also need to report whether, and if so who, is responsible for compliance with GDPR. The act also requires companies to describe what happens after a terminated agreement or terminated business relationship.
Personal data about our customers that we handle or store
We collect and manage data such as first name and last name, email, addresses and phone number. These details are needed, inter alia, to enable us to contact our customers regarding deliveries, to inform about changes and to be able to comply with our agreements.
As long as you are a customer with us, orders of goods, changes in orders and other requests are saved to ensure traceability and agreement. Once a relationship is completed, we delete these data together with other customer-specific data.
Closed deliveries (such as delivery information, mail conversations and the like) are deleted from our systems by hand, as they may contain personal data such as delivery recipients. However, we would prefer that this type of information be changed to a function name at our customers, if possible. Example: recipient: stored, reference number: xxx, street address, zip code and postcard.
Administrative data
With administrative data we refer to invoices, invoice documents, contact details and the like. For invoice issues, we will use email addresses for invoice managers, if applicable. We do not share data with third parties and do not intend to make mailings such as advertising.
Upon termination of an agreement or commitment with us, all personal data about you as a customer will be deleted within one year. This includes administrative data (or individual user data when a company can terminate individual accounts without terminating as a customer), customer register, customer data, and all information that can be used to identify an individual. Invoices and other statutory information are stored in accordance with applicable legal requirements and then discarded. Within one week, all data will also be deleted from our backups, after which no data will be left.
E-mail, customer register, prospect list and the like
We continuously delete all correspondence and aim not to save data older than 12 months unless commitments, agreements or ongoing negotiations warrant this. If applicable, data may be stored for longer periods in our systems, as some of our business may have long cycles. Our goal is to clearly inform you about this when we start a discussion with new customers.
Our website does not automatically save personal information if the customer does not enter such information. Messages sent to us via our website are sent by e-mail and are manually deleted from logs according to the above policy.
Protection and supervision
With strong requirements for passwords, surveillance and no third-party suppliers with insight into our data, our customers’ data or our customer records, we keep all data protected. We have also chosen not to use our customers’ brands for the purpose of promoting, for example, the website.
Just as our third-party providers have no insight into our or our customers’ data, they also do not have access to our servers. Our data centers are protected by access pass and alarm systems, and external backups for disaster recovery are encrypted and stored within the sphere of D&E Bearings. External backups are saved for a maximum of one week and all data is available in Sweden.
Responsible for ensuring that our policies regarding GDPR compliance are respected in each area. The ultimate manager is the CEO or the board.