Data Processing Operations
We process large amounts of data for our customers and as such feel a need to offer ourselves and our customers the ability to control and manage data. To manage data more effectively we have introduced a classification system that is easy to understand and also configurable. Its main purpose is to protect privacy by making it possible to target directly identifying personal data and sensitive data, so that other data that was originally personal data is rendered non-personal data. Its other purpose is to identify the purposes of processing and to bundle data according to its intended need. This allows us and our customers to configure the modes of operability towards the data and to tailor data more closely to its intended need. As a result, we can assist our customers in complying with the principles of purpose limitation and data minimisation. Our customers are always responsible for reviewing the classification and for classifying the fields that have not been classified, so that all data will be included in the retention policy that has to be set for each customer individually.
For more information regarding the classification, its purpose and your responsibilities as a customer and controller of personal data, please visit www.aditro.com/gdpr.
Categories of personal data
We have classified all data according to the type of personal data concerned. This has resulted in 3 different classes of personal data. The three classes are:
| 0 | The purpose and the probable value contained in the field are not personal data | Employment Tax Table | Generic: Applies to a large group of people and is not specific to a group of people such as organisation or department; Non-Matching: Deviations in a subset cannot be used to identify a specific person; General Public Information: Information that does not necessarily relate to a data subject but serves other purposes such as Years, Number of characters in a field, date entered if not entered by a person, etc.; Aggregated: Data stating aggregated data from a large set such as absence per month for the whole company; Risk: Low risk |
| 1 | Field is likely to contain personal data that relates indirectly to a person | Vacation days | Generic: Applies equally to a set of people within an organisation; Matching: Deviations in a subset can be used to identify a specific person but combination with direct identifying data is necessary to relate the data to an individual; Aggregated: The value is derived from a more detailed value such as number of vacation days per year instead of specific dates; Risk: Medium risk, business risk if it can be matched with other data |
| 2 | Field is likely to contain personal data that relates directly to a person | Name, E-Mail, IP Number | Non-Generic: Applies to one individual or equally to immediate family of the same person; Matching: Data can be used to identify a specific person without the use of additional information; Aggregated: Data can still be aggregated but must then concern an innate aspect of the person that can be distinguished with ease such as sex; Risk: High risk for integrity of the person |
| 3 | Field is likely to contain sensitive data | Data relating to health, trade union membership and religious membership | All data that is considered as sensitive data under the GDPR (2016/679) Article 9. |
| SIE | Shared Identifying Element | Employment Number | The employment number is shared with just our customer and us and is therefore less prone to abuse as the data is not readily (publicly or on request by anyone) accessible and if no other personal data in category 2 is processed jointly |
| PIE | Public Identifying Element | National Personal Identification Number | The personal identification number is a public standard and is therefore more prone to abuse, the Personal Identification Number should never be shared with external parties |
The examples used are also the data that is normally processed in all solutions. More information on the categories of sensitive data can be found further below and is split up by delivery model and environment. The classification is done in all products where either the content is known or can likely be known. The customer is always responsible for checking the classification to ensure that it is in line with customer policy and that any fields added by the customer are classified and as such are covered when executing any relevant retention policy.
Sensitive or “Special categories” of data are only processed when such data types are strictly needed for the purpose described. Payroll applications may, for example, need data on trade union membership to calculate salary. The sensitive data types required for our applications and processes do differ from country to country. Please contact us to verify the sensitive data types that are processed in the application or service you are purchasing.
All our HRM and Payroll products may be processing sensitive data. The data can be distinguished into three main categories:
1. Health-related data
2. Trade Union Membership data
3. Religious Membership data
The data mentioned above may be processed for the purposes described below; the processing of sensitive data is necessary to calculate the payable salary. Besides the data mentioned above, the customer may, due to the configurability of our software solutions, add other fields during the use of our application that may contain sensitive data. The customer is responsible for ensuring that these fields are also categorised accordingly. We have categorised the fields that are necessary for our product to function and those fields that are needed to comply with a legal requirement; the fields that do not belong to these groups are automatically assigned to the customer.
For Business Process Outsourcing
As part of our Business Process Outsourcing services we may process more types of data outside of our products, and such data may contain sensitive data. All our BPO staff are trained to understand, at a basic level, what sensitive data they process and how they should treat it. However, most of the processing is very customer specific, and it is therefore advisable that each customer is involved in instructing the conditions of processing for such data so that it conforms with the company's own policy.
Data processed as part of relevant legal obligations
Aditro’s services generally do not include an obligation to store or archive data to comply with customer or legal requirements. This responsibility stays with each Aditro customer.
For Aditro customers’ personal data that has been classified in Aditro’s applications as processed for legal purposes, Aditro will provide a number of possible categories of relevant legal requirements (as stated in the list to the left below). The data fields in each category will, in Aditro’s standard configuration for each country, have the minimum retention times stated below, based on Aditro’s interpretation of the legislation mentioned below (normally starting at the end of the relevant calendar year). Each Aditro customer remains at all times responsible for its retention policy and for execution of deletion routines once data is no longer required for the defined legal purpose. Unless otherwise agreed in writing, Aditro’s processing of personal data retained by an Aditro customer in an Aditro cloud application and classified only for legal purposes will be limited to storage in Aditro’s cloud environment, including agreed back-up services.