At Tappin AS, we understand the importance of privacy and data protection. We are committed to protecting the personal data of our customers and users in line with the EU's General Data Protection Regulation (GDPR). Here's how we ensure full GDPR compliance:
Localized and Secure Hosting
- Microsoft Azure Hosting in Norway: We use Microsoft Azure for our hosting services, located in Norway. This ensures that the data is handled within the EU/EEA area, in accordance with GDPR requirements.
Certified Data Protection Officer
- Certified Data Protection Officer: We have a certified data protection representative who ensures that our processes and practices comply with the GDPR's standards.
Data Processor Agreements
- Individual Data Processor Agreements: We establish a separate data processing agreement for each of our customers. This ensures that the handling of personal data takes place in accordance with the strict requirements of the GDPR.
DPIA - Data Protection Impact Assessment
- Implementation of DPIA: DPIA stands for Data Protection Impact Assessment. It is a process to identify and minimize the risk associated with personal data. We carry out the DPIA in accordance with the GDPR's rules and recommendations to ensure that our data processing activities do not pose a risk to the rights and freedoms of individuals.
Systems for Deviation Reporting and Incidents
- Deviation Reporting and Event Log: We have implemented systems for immediate reporting and handling of any deviations or security incidents. This ensures a quick response and the necessary measures to protect our customers' and their users' data.
Compliance with the Norwegian Data Protection Authority's Recommendations
- Follows recommendations from the Norwegian Data Protection Authority: We closely monitor and implement the Norwegian Data Protection Authority's recommendations to ensure that we are always up-to-date on best practices in data protection.
Standard Contractual Clauses (SCC)
- Use of SCC: We use Standard Contractual Clauses (SCC) to ensure that data transfers to countries outside the EU/EEA take place in accordance with the GDPR.
Internal Training and Awareness
- Separate training program for employees: We have implemented an internal training and awareness program for all employees to ensure understanding and compliance with GDPR standards in all handling of personal data.
Review of Privacy Practices
- Regular Review: We conduct an annual review of our privacy practices to ensure they remain up-to-date and in line with the latest GDPR requirements.
Protection of Individual Rights
- User rights under GDPR: We respect and facilitate all individual rights under the GDPR. This includes the right to access, rectification, erasure (the right to be forgotten), data portability, and the right to object to the processing of your data.
Security Measures and Risk Management
- Extensive Encryption and Internal Procedures: To protect personal data, Tappin uses advanced encryption technology and strong internal security procedures.
Cooperation with Third Parties
- Cooperation and Advice: We mainly work with our customers and partners, where we often act as data processors. We ensure that all data exchange with third parties complies with the GDPR and assist with advice and quality assurance in this process.
Contact Information for Privacy Issues
- Contact Us for Privacy-related Inquiries: For questions about privacy, please contact us at gdpr@tappin.no or call us on +47 22 12 02 42.
Storage of Compliance Documents
- Documentation routines: We have established systems for storing compliance documents, where we use solutions from NorthGRC (www.northgrc.no) to ensure accuracy and availability of important documentation.