Data protection goals of Papershift GmbH
Our company – Papershift GmbH takes the protection of personal data very seriously and formulates data protection goals by the company management below. This defines the basic alignment of Papershift GmbH for compliance with the General Data Protection Regulation (hereinafter referred to as GDPR). In particular, it states that compliance with legal regulations takes priority over business requirements.
The GDPR is based on several principles that we would like to when setting our goals.
When processing personal data by Papershift GmbH, the data subject’s right to self-determination should be preserved. This means that personal data should only be lawfully collected and processed.
The processing of personal data should only pursue the purposes that were determined before the data was collected. Subsequent changes to the purposes are only possible to a limited extent and need to be justified.
Before processing personal data, it should be checked whether and to what extent this is necessary to achieve the intended purpose. If it is possible to achieve the purpose and the effort is reasonable concerning the intended purpose, anonymized or statistical data must be used. Personal data should not be stored in stock for potential future purposes unless this is required or permitted by state law.
Accuracy and Timeliness:
Personal data must be stored correctly, completely and – if necessary – up to date. Appropriate measures must be taken to ensure that incorrect, incomplete or outdated data is deleted, corrected, supplemented or updated.
Deletion and Storage limitation:
Personal data that is no longer required after the expiry of statutory or business process-related retention periods should be deleted. If there are indications in individual cases of interests worthy of protection or the historical significance of this data, the data must remain stored until the interest worthy of protection has been legally clarified.
Confidentiality and Data security:
Data secrecy applies to personal data. They must be treated confidentially in personal dealings and be secured by appropriate organizational and technical measures against unauthorized access, unlawful processing or transfer, as well as accidental loss, modification or destruction. Technical and organizational measures for data security are available for download below.
The person concerned should be informed about the handling of their data. In principle, personal data must be collected from the person concerned. When the data is collected, the data subject should be able to recognize at least the following or be informed accordingly:
- The identity of the responsible body,
- The purpose of data processing,
- The retention periods stored,
- Third parties or categories of third parties to whom the data may be transmitted.
For this purpose, Papershift GmbH has provided a public list of procedures, which documents all processes that deal with personal data.
Data portability applies to personal data. Affected people should be able to export their data in a machine-readable format so that they can be imported elsewhere. For this purpose, Papershift GmbH provides its users with numerous standardized exports that make this possible.
Commitment to Data protection goals
Commitment goals All managers and employees of Papershift GmbH undertake to pursue these data protection goals and to uphold the General Data Protection Regulation and support the data protection strategy to the best of their ability.
To ensure data protection, Papershift GmbH relies on technical-organizational measures, transparency, risk management, employee training, and other processes that are still being set up.
Documents and Information
|Appendix to AV: Report on data protection violations||Download|
|Appendix to AV: Contact person||Download|
|Appendix to AV: Technical organizational measures||Download|
|Appendix to AV: subcontractors||Download|
Still, have questions?
Please write to us at [email protected]