KTA Management
Purpose: Kan-Tor & Acco is committed to protecting the privacy of personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This GDPR Compliance Policy outlines how we collect, process, store, and protect personal data in accordance with the GDPR requirements. This policy applies to all partners, employees, and agents of Kan-Tor & Acco.
Definitions:
- Personal Data – any information that can be used to identify an individual, including name, address, email, phone number, etc.
- Data Processing – any operation or set of operations performed on personal data, including collection, storage, use, and deletion.
- Data Controller – the entity that determines the purpose and means of data processing.
- Data Processor – the entity that processes personal data on behalf of the data controller.
- The General Data Protection Regulation (GDPR) is a European Union regulation that governs the collection, processing, and storage of personal data. GDPR has strict requirements for data protection and privacy, and failure to comply with GDPR can result in significant fines and penalties.
Policy:
- Legal Basis for Data Processing: Kan-Tor & Acco will only process personal data when there is a lawful basis for doing so. This includes obtaining the individual’s consent, fulfilling a contractual obligation, complying with a legal obligation, protecting vital interests, or pursuing legitimate interests.
- Data Collection and Use: Kan-Tor & Acco will only collect personal data that is necessary for the intended purpose and will not retain the data longer than necessary. We will inform individuals of the purpose and legal basis for data processing, as well as their rights under GDPR. Personal data collected will be used only for the intended purpose and will not be shared with third parties unless legally required or with the individual’s consent.
- Data Security: Kan-Tor & Acco will implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, destruction, or disclosure. We will maintain a comprehensive data protection policy and conduct regular security assessments to identify and mitigate potential risks.
- Data Processors: Kan-Tor & Acco will ensure that all third-party data processors comply with GDPR requirements and have adequate technical and organizational measures in place to protect personal data. We will ensure that all contracts with data processors include appropriate GDPR clauses and will conduct due diligence to ensure their compliance.
- Data Subject Rights: Kan-Tor & Acco will respect the rights of data subjects, including the right to access, rectify, erase, restrict, or object to data processing. We will respond to data subject requests within the required timeframes and will provide a transparent and accessible mechanism for data subjects to exercise their rights.
- Data Breach Notification: In the event of a data breach, Kan-Tor & Acco will promptly assess the impact on individuals and notify the relevant authorities and affected individuals as required by GDPR.
- Data Protection Impact Assessments (DPIA): Kan-Tor & Acco will conduct DPIAs to assess and mitigate the risks associated with new or changed data processing activities that may pose a high risk to individuals’ rights and freedoms.
- Third-party Services: Kan-Tor & Acco will ensure that any third-party services we use for data processing, such as Microsoft Office 365, SharePoint, Zoho CRM, and third-party GDPR-secured servers for backups, are GDPR compliant and meet our data protection standards.
- GDPR Compliance Training: Kan-Tor & Acco will provide regular GDPR compliance training to all partners, employees, and agents involved in data processing to ensure their understanding and compliance with GDPR requirements.
Conclusion: Kan-Tor & Acco is committed to protecting the privacy of personal data and ensuring compliance with GDPR requirements. We will implement appropriate technical and organizational measures to safeguard personal data, respect individuals’ rights, and ensure compliance with GDPR. We will regularly review and update this policy to ensure it remains current and effective in meeting our GDPR compliance obligations.
About Office 365 Security Measures
KTA uses Microsoft 365 as a cloud-based productivity suite that provides a range of applications and services to help businesses manage their operations. Office 365 includes popular tools like Word, Excel, PowerPoint, and Outlook, as well as collaboration tools like SharePoint and Teams. With more and more businesses using Office 365 for their day-to-day operations, it is important to understand the data security and GDPR compliance measures that Microsoft has in place to protect user data.
Microsoft has implemented a range of data security measures to ensure that Office 365 user data is protected from unauthorized access, theft, and misuse. These measures include:
- Encryption: Office 365 uses industry-standard encryption methods to protect user data in transit and at rest. Data is encrypted using 256-bit SSL/TLS encryption during transmission, and stored data is encrypted using BitLocker drive encryption.
- Access controls: Office 365 includes robust access controls that allow users to restrict access to sensitive data based on user roles, permissions, and policies. Users can also set up multi-factor authentication to further enhance security.
- Threat protection: Office 365 includes advanced threat protection tools that help detect and prevent phishing attacks, malware, and other threats that could compromise user data. These tools include anti-virus and anti-spam protection, as well as machine learning algorithms that can detect suspicious activity.
- Compliance: Office 365 is compliant with a range of industry standards and regulations, including GDPR, ISO 27001, and HIPAA. Microsoft also provides compliance reports and audit logs to help users monitor their compliance status.
GDPR Compliance
The General Data Protection Regulation (GDPR) is a European Union regulation that governs the collection, processing, and storage of personal data. GDPR has strict requirements for data protection and privacy, and failure to comply with GDPR can result in significant fines and penalties.
Microsoft Office 365 is GDPR compliant, and Microsoft has implemented a range of measures to ensure that Office 365 users can comply with GDPR requirements. These measures include:
- Data protection: Office 365 includes features that allow users to protect personal data, including data loss prevention (DLP) policies, retention policies, and eDiscovery tools.
- User consent: Office 365 allows users to obtain consent from data subjects before processing their personal data, as required by GDPR.
- Data portability: Office 365 includes tools that allow users to export and transfer personal data, as required by GDPR.
- Data subject requests: Office 365 includes tools that allow users to respond to data subject requests, such as requests for access, rectification, erasure, and restriction.
About Zoho CRM Security Measures
KTA uses Zoho CRM as a cloud-based CRM. Zoho CRM is GDPR compliant, and Zoho has implemented a range of measures to ensure that Zoho CRM users can comply with GDPR requirements. These measures include:
- Data protection: Zoho CRM includes features that allow users to protect personal data, including data retention policies, audit logs, and data backup and restoration options.
- User consent: Zoho CRM allows users to obtain consent from data subjects before processing their personal data, as required by GDPR.
- Data portability: Zoho CRM includes tools that allow users to export and transfer personal data, as required by GDPR.
- Data subject requests: Zoho CRM includes tools that allow users to respond to data subject requests, such as requests for access, rectification, erasure, and restriction.
Office 365 Backup and Retention Policy
Office 365 backups are an essential part of any data management strategy, as they help ensure that critical business data is protected and can be easily recovered in the event of a disaster or data loss. Microsoft offers several backup and recovery options for Office 365 data, including:
- Retention Policies: Office 365 includes retention policies that allow users to automatically retain and delete data based on specific criteria. This helps ensure that critical data is retained for the required period of time and is deleted when no longer needed.
- Exchange Online Archiving: Exchange Online Archiving is a cloud-based solution that provides long-term archiving of email data. This solution helps ensure that email data is retained for the required period of time and can be easily searched and recovered when needed.
- OneDrive for Business and SharePoint Online: OneDrive for Business and SharePoint Online include versioning and restore features that allow KTA to recover previous versions of files and documents. This can help ensure that critical data is not lost due to accidental changes or deletions.
- Third-Party Backup Solutions: KTA uses third-party backup solutions to back up and recover Office 365 data. These solutions offer additional features and capabilities, such as the ability to back up and recover data across multiple Office 365 services, granular backup and recovery options, and advanced reporting and monitoring features.
In addition to backup solutions, KTA has implemented data security measures such as multi-factor authentication, access controls, and encryption to protect its Office 365 data from unauthorized access and theft. By taking a comprehensive approach to data management and security, KTA ensures that its critical data is protected and can be easily recovered in the event of a disaster or data loss.
Zoho CRM Backup and Retention Policy
Zoho CRM offers retention policies that allow users to automatically retain and delete data based on specific criteria. This can help KTA meet its compliance and regulatory requirements and ensure that data is retained for the required period of time. KTA has defined retention policies based on specific objects, fields, and criteria, and schedules them to run on a regular basis.
Zoho CRM also provides backup options to help KTA protect and recover its data. KTA schedules automatic backups of its CRM data to Zoho’s secure servers, and also performs manual backups at any time. Backups can be downloaded and restored to the CRM in the event of data loss or corruption.
Additionally, Zoho CRM offers granular access controls and encryption to help protect data from unauthorized access and theft. Users can set role-based permissions to control access to different features and data, and data is encrypted both in transit and at rest.
It is important to note that while Zoho CRM provides retention and backup options, KTA takes a comprehensive approach to data management and security. This includes implementing data security measures such as multi-factor authentication, access controls, and encryption to protect its CRM data from unauthorized access and theft. By taking a proactive approach to data management and security, KTA can ensure that its critical data is protected and can be easily recovered in the event of a disaster or data loss.