General Data Protection Regulation (GDPR)


The General Data Protection Regulation (GDPR), a new EU wide law, is set to come into effect on the 25th May 2018. It is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy. For more information about the GDPR, please visit EU’s GDPR Portal.

The GDPR strengthens the rights of individuals with respect to personal data. This means that Unifaun, as a software service provider, must strengthen the security measures that protect the personal data of our customers and individuals registered in our systems. As well as the features that enable our customers and individuals that use our services to exercise their rights.

It also means we must design our services to enable you, our customers, to meet your obligations as the data controller for the data you process using our services.

Unifaun naturally sets out to ensure that all of our software services, to the very best of our efforts, are compliant with the GDPR. Therefore, we have designed a comprehensive framework specifically with the GDPR in mind, comprised of the following main components:

  • Training for our employees
  • Privacy and data protection built into development and production
  • Dedicated data protection manager (DPO)
  • A revised data processing agreement (DPA)


Controller and Processor

According to GDPR, organizations need to understand the difference between data controllers and data processors. Depending on which of these your organization falls under, GDPR sets obligations and limits to what you can do with the personal data, and who is responsible for what.

The data controller, as its name implies, controls the overall purpose and means, or the ‘why’ and ‘how’ the data is to be used. The data controller can process the data by its own means. There may be situations, however, where a data controller needs to use an external service to process the data further. In this case, the data controller allows another company to process the personal data. This does not mean that the data controller gives “control” to another organization. The data controller remains in control by instructing the purpose and ends to which that company can process the data.


An organization that process the data on behalf of the data controller are called data processor. The data processor is limited to processing the data according to the instructions and purpose given by the data controller. A good way to think of a data processor is as a specialized technical partner, appointed to carry out specific tasks to accomplish the goals set by the data controller.


Controller and Processor when using Unifaun’s services

When you use Unifaun’s services, you as a customer are the data controller for personal data associated with shipments, address registers etc. In these cases Unifaun acts as data processor and will only process personal data according to your instructions (create labels, communicate with your carriers, archive shipments etc).
 
Unifaun are data controller for personal data you give us when you order Unifaun’s services and products, contact us via mail, phone or any other channel or visit our website. 


A more detailed description of what we do and how we handle personal data can be found in our 
Integrity policy.


Legal basis

GDPR requires all data controllers to keep a documented register of the personal data processing they are responsible for. When you use Unifaun’s services it is your responsibility, as a data controller, to find out and document what personal data you process in Unifaun’s services, why you need to do that and what the legal basis is.


Data Protection Officer

As a software company, handling a lot of personal data, Unifaun has decided to create a new role within the company – The Data Protection Officer. It is an internal role modelled after the requirements outlined in GDPR. The function works with assessing privacy requirements and issues at the application-level, as well as handling data processing agreements. 

Contact us 

We are more than happy to answer any questions you might have on privacy and data protection. You can always reach Unifaun’s Data Protection Officer at dpo@unifaun.com