Data Protection and Security

Data protection goals 

Papershift GmbH takes the protection of personal data very seriously and formulates the following data protection goals for the company management. This defines the basic orientation of Papershift GmbH in regard to compliance with the General Data Protection Regulation (hereinafter GDPR). In particular, it stipulates that compliance with statutory regulations takes precedence over business requirements. The GDPR is based on a few principles that we would like to address in relation to setting our goals:

Legality

When data are processed by Papershift GmbH, the data subject’s informational right to self-determination should be preserved. This means that personal data should only be collected and processed in a lawful manner.

Appropriation

The processing of personal data should only be carried out in accordance with the purposes that were specified before the data were collected. Subsequent changes to the purposes are only possible to a limited extent and require grounds.

Data Minimization

Before processing personal data, it should be checked whether and to what extent this processing is necessary to achieve the intended purpose of said processing. If it is possible to achieve the purpose and if the effort required is proportionate to the intended purpose, anonymized or statistical data must be used. Personal data should not be retained for potential future purposes unless this is required or permitted by national law.

Correctness and Topicality

Personal data must be stored correctly, completely, and – where necessary – must be up to date. Appropriate measures must be taken to ensure that inaccurate, incomplete, or outdated data are deleted, corrected, supplemented, or updated.

Erasure and Storage restriction

Personal data that are no longer required after the expiry of statutory or operational process-related retention periods must be erased. If in individual cases, there are indications of interests that are worthy of protection or of a historical significance of these data, the data must continue to be stored until the interest worthy of protection has been legally clarified.

Confidentiality and data security

Data secrecy applies to personal data. When handling data, they must be treated confidentially and secured against unauthorized access, unlawful processing or disclosure, as well as accidental loss, alteration, or destruction through appropriate organizational and technical measures. Technical and organizational measures for data security are documented here: to the download.

Transparency

The data subject should be informed about the handling of their data. In principle, personal data must be collected from the data subject themselves. When collecting the data,

the data subject should at least be able to identify the following or be informed accordingly about:

  • The identity of the responsible authority
  • The purpose of the data processing
  • The stored retention periods
  • Third parties or categories of third parties, to whom the data may be transmitted.

For this purpose, Papershift GmbH has made a public procedure log available, which documents all processes that deal with personal data: to the procedure log.

Data portability

Data portability applies to personal data. Data subjects should have the opportunity to export their data in a machine-readable format, in order to import them elsewhere. For this purpose, Papershift GmbH provides its users with numerous standardized exports which make this possible.

Acknowledgment

All Papershift GmbH managers and employees undertake to pursue these data protection goals and to comply with the General Data Protection Regulation, as well as to support the data protection strategy to the best of their ability.

To ensure data protection, Papershift GmbH implements technical and organizational measures, transparency, risk management, training of employees, and other procedures still under development.

Appendices

Data Protection Agreement – AVVDownload
Annex Description of the technical & organisational measuresDownload
Annex SubcontractorsDownload
Annex Appointed personsDownload
Annex Reporting data protection breachesDownload
Annex Data Protection GoalsDownload

Still, have questions?

Please write to us at [email protected]