What is the GDPR?
Organizations established in the EU and processing personal data of EU-based individuals will, in almost all cases, be required to comply with the GDPR by May 25, 2018.
The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals. Many organizations, large and small, are now preparing for the new regulation.
We are fully committed to complying with the requirements of the GDPR.
We have taken these new requirements to heart and made changes to our products, contracts and policies to ensure that we are fully in compliance with the GDPR before May 25, 2018.
RandomCoffee services will comply with the GDPR when it becomes enforceable on May 25, 2018.
Have we nominated a Data Protection Officer?
Yes. His identity has been communicated to the CNIL, the independent French administrative regulatory body whose mission is to ensure that data privacy law is applied.
How can I get in touch with the DPO?
Do we ensure that our third party providers are or will be compliant in time?
Yes. We’re currently reviewing all of our third party providers’ policies regarding GDPR, notably including:
What is a Personal Data Breach?
A Personal Data Breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Do we have a notification procedure in case of a Personal Data Breach?
We have specific data breach notification procedures in place, respecting the deadlines of the GDPR in communicating any breach.
What are the Rights employees can exercise?
The Rights employees can exercise are:
Right of Access: You may request to access your Personal Information and obtain a copy of Personal Information which is being processed by RandomCoffee. In the event that you request to know what Personal Information is being processed by us, we will provide you with the following information free of charge: purposes of processing; categories of Personal Information processed; recipient(s) of Personal Information; length of time during which the Personal Information will be stored; your privacy rights; and information on data transfers. Such requests will be made by sending a request to [email protected]. Please make sure to provide your relevant details.
Right of Rectification: You may request to change, update or complete any missing data we process about you, by sending an email to [email protected] with your relevant details. Please note that we may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
Right of Erasure: You may at any time withdraw your consent to our processing of your Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of your Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase your data. Such withdrawal of consent will be made by sending an email to [email protected] with your relevant details.
Right of Restriction of Processing: You may request us to restrict processing of your Personal Information if one of the following applies: (i) the accuracy of the Personal Information is contested by you; (ii) the processing is unlawful; or (iii) if we no longer need the Personal Information. Such request will be made by sending an email with the relevant details to [email protected].
Right to Data Portability: You have the right to receive the Personal Information in a structured, commonly used and machine-readable format. Such request will be made by sending an email with your relevant details to [email protected].
How can employees exercise their Rights?
Employees can exercise their Rights by sending us an email at [email protected].
What type of Personal Data do we collect?
Following the Privacy by Design principle, we only collect the data that we need, which in our case is at minimum the First Name, the Last Name & the Professional Email.
Then, upon customer request, we may collect other personal data such as the employee's department, or any other relevant data to deliver the service.
How do we collect the Personal Data?
It depends on each customer, but the main way to collect Personal Data is through a registration form that Employees must fill in themselves, therefore ensuring consent.
We are also integrated with SAP SuccessFactors and may integrate with other HRIS.
Where do we store the Personal Data we collect?
The data is stored in an RDS database on AWS (Amazon Web Services) in Frankfurt, Germany. The data is never replicated or copied out of the region.
How long do we store the Personal Data?
We keep the data for 18 months. After that, our system automatically deletes the Personal Data.