Skip to main content

Data Protection Policy of OfferSwap

Offerswap avatar
Written by Offerswap
Updated over 3 months ago

Effective Date: 27.12.2024

Last Updated: 27.12.2024

1. Purpose

This Data Protection Policy outlines OfferSwap’s commitment to the secure and lawful processing of personal data in compliance with applicable laws, including the General Data Protection Regulation (GDPR). The purpose of this policy is to establish clear responsibilities and procedures to safeguard personal data and ensure transparency and accountability.

2. Scope

This policy applies to all employees, contractors, partners, and third parties who process personal data on behalf of OfferSwap. It covers all forms of personal data processing, whether electronic or physical.

3. Definitions

  • Personal Data: Any information related to an identified or identifiable natural person, such as name, email address, phone number, or IP address.

  • Data Subject: The individual whose personal data is processed.

  • Processing: Any operation performed on personal data, including collection, storage, modification, transfer, or deletion.

  • Sensitive Data: Data related to racial or ethnic origin, political opinions, religious beliefs, health, or other special categories requiring additional protection.

  • Data Controller: The entity that determines the purposes and means of processing personal data.

  • Data Processor: A third party that processes personal data on behalf of the Data Controller.

4. Roles and Responsibilities

Data Protection Officer (DPO)

  • Ensure compliance with data protection laws and this policy.

  • Act as the contact person for data protection matters.

  • Monitor internal data processing practices and conduct regular audits.

Employees and Contractors

  • Handle personal data in compliance with this policy.

  • Report data breaches or suspicious activities to the DPO immediately.

  • Follow data protection training and guidelines.

Third Parties

  • Comply with OfferSwap’s data protection requirements and contractual obligations.

  • Ensure secure processing of data and promptly report any data breaches.

5. Data Protection Principles

OfferSwap is committed to the following data protection principles under GDPR:

  1. Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and transparently.

  2. Purpose Limitation: Data must be collected for specified, explicit, and legitimate purposes.

  3. Data Minimization: Only the data necessary for the stated purposes will be processed.

  4. Accuracy: Personal data must be accurate and kept up to date.

  5. Storage Limitation: Data will only be retained as long as necessary.

  6. Integrity and Confidentiality: Data must be processed securely to prevent unauthorized access or breaches.

6. Security Measures

OfferSwap implements technical and organizational measures to protect personal data, including:

  • Access Control: Restricting access to personal data based on job roles.

  • Encryption: Encrypting sensitive data during transfer and storage.

  • Incident Response: Clear procedures for identifying and managing data breaches.

  • Training: Regular training for employees and contractors.

  • Monitoring: Continuous monitoring of systems and processes to detect vulnerabilities.

7. Data Breach Management

In the event of a data breach:

  • The breach must be reported to the DPO immediately.

  • The DPO will assess the breach and determine whether regulatory authorities and data subjects need to be notified (e.g., within 72 hours as required by GDPR).

  • Remedial actions will be taken to mitigate risks and prevent recurrence.

8. Data Subject Rights

OfferSwap ensures that data subjects can exercise their GDPR rights, including:

  • Access: Request a copy of their personal data.

  • Correction: Rectify inaccurate or incomplete data.

  • Deletion: Request the deletion of their data ("right to be forgotten").

  • Restriction: Restrict the processing of their data in specific circumstances.

  • Portability: Obtain a copy of their data in a machine-readable format.

  • Objection: Object to specific types of data processing, including direct marketing.

Requests should be directed to the DPO, who will respond within the legal timeframes.

9. Data Retention and Disposal

  • Personal data will be retained only as long as necessary for the defined purposes or as required by law.

  • Unnecessary data will be securely disposed of, for example, by shredding or data wiping.

10. Third Parties

OfferSwap engages only third parties that guarantee adequate data protection standards. Contracts with third parties will:

  • Define data protection obligations.

  • Specify the purposes of processing.

  • Require reporting and cooperation in case of incidents.

11. Policy Violations

Non-compliance with this policy may result in disciplinary action, including termination of employment or contracts. For third parties, violations may result in contract termination.

12. Monitoring and Updates

This policy will be reviewed and updated annually or as necessary to reflect changes in legal requirements or organizational practices. Employees and contractors will be notified of significant changes.

13. Contact Information

For questions regarding this policy or data protection practices, please contact:

OfferSwap Oy

Address: Palokunnankatu 28 Lh5, 13100 Hämeenlinna, Suomi

Company ID: 3466554-5

VAT ID: FI34665545

Email: contact@offer-swap.com

Did this answer your question?