GITS PSF commitments as a data controller
Within the GDPR framework GITS PSF is also considered as a “data controller” when we determine the purpose and method of “our” personal data processing. This is typically the case when we collect data for billing, managing accounts receivable, improving the quality of services and performance, sales prospecting, commercial management, etc. Another example is when GITS PSF collects personal data on its own employees.
In this scenario, any ‘customer’ data – the data that our customers store themselves on GITS PSF’s managed and/or hosted services are not affected. On the other hand, certain information concerning our customers or concerning our own employees (the identity and contact details of your contact person at GITS PSF as part of a request for technical assistance, or purchase order) may be. This is why GITS PSF ensures that this personal data is protected.
GITS PSF commits to:
- Limiting the data collected to what is strictly necessary: as part of this approach, when customers order a service, we record only the data required for billing or support purposes, or to make sure we meet our own legal obligations on data conservation;
- Only using the data it collects for the purpose for which it was collected;
- Conserving personal data for a limited and proportionate time. For example, data processed for the purpose of managing relations between a customer and GITS PSF (surname, first name, postal address, email address, etc.) is conserved by the company for the full duration of the contract;
- Not transferring this data to third parties other than companies associated with GITS PSF and acting as part of the performance of the contract;
- Implementing appropriate technical and organisational measures to ensure a high degree of security.