Data Processors and Data Controllers
We use the terms “Data Processor” and “Data Controller” when discussing personal data. Treffas is a data processor, and our users are the data controllers. This means that we process your client’s data on your behalf and in their best interest. Therefore, you also have control over how we process this information since we can only do so if instructed by you.
Is Treffas compliant?
- If you have been set up with Treffas, then you have implicitly agreed to our terms of data processing.
Location of data
The new General Data Protection Regulation makes it legal to transfer personal data between EU countries, so long as there is an adequate level of security. At Treffas, we understand how important your clients’ data is to you. That’s why we store it securely at an off-site location so you can rest easy knowing that their information is well-protected. Your data will always be covered by the General Data Protection Regulation when stored with us.
Is Treffas compliant?
- Treffas is already set up to store all your data at our secure servers.
What About Consent and Disclosure Requirements?
As a data controller, it is vital that you are clear and concise about how you store and process your clients’ data. The data processing must be contracted or consented to and should have a specific purpose that your client is aware of. They need to know the following:
● What personal data you will register,
● What the personal data is going to be used for,
● How long the personal data will be stored,
● That your client has the right to have their information corrected, deleted, or handed over,
● Where your client may turn to exercise their right to rectify, delete, or receive information about the handling of their data,
● That the client may withdraw their consent at any point, and how to do so.
If you set up clients in Treffas, they will need to agree to this and will be given the information mentioned above. At Treffas, online appointments can only be made once the client has accepted specific conditions, which guarantees consent.
Is Treffas compliant?
- To comply with data regulations, you must get your clients’ consent to store and process their data. You can do this easily with Treffas.
Data Protection Officer
Since the new General Data Protection Regulation was implemented, data processors like us are now required to have a DPO or someone responsible for ensuring that our company meets all of the requirements. A DPO is tasked with advising us on compliance with data protection laws, ensuring our procedures are up to date and monitored correctly, and responding to any queries about the data we process.
Is Treffas compliant?
- Treffas has dealt with this issue by appointing a Data Protection Officer (DPO), who, amongst other duties, deals with any questions from clients about processing their data.
Data Portability
At Treffas, we provide our clients with the ability to export their personal data in a secure format, and we ensure that the transfer of this data is done so in accordance with GDPR standards. We are also available to answer any questions about data portability you may have.
Is Treffas compliant?
- This refers to the ability of a client to move their data from one service provider to another. The General Data Protection Regulation makes it mandatory for us as data processors to comply with the ‘Right of Data Portability’, which means that all clients have the right to transfer their data from our system to another.
The “Right to be Forgotten”
You can specify a client as “Inactive” or delete the client from your directory altogether. If you want to meet the requirements for the “Right to be Forgotten”, it is critical that you delete the client from your directory.
Is Treffas compliant?
- This refers to a client’s right to delete all of their data from our system. We comply with the General Data Protection Regulation and allow our clients to delete their data from our system completely, thus ensuring that they can exercise this “Right to be Forgotten”.
Privacy by design / Privacy by default
At Treffas, we take your data privacy and security seriously. We comply with the General Data Protection Regulation, which includes implementing ‘privacy by design’ and ‘privacy by default’ measures in our system. This means that all of the personal data stored in our system is kept secure and private at all times.
We encrypt personal data to satisfy these requirements, and if you have linked Treffas to another system, Treffas only transfers data to it over an encrypted connection. However, if you use other systems, it is your responsibility as the data controller to ensure that those system(s) comply with GDPR requirements for the storage of personal data.
Is Treffas compliant?
- To meet the requirements of the GDPR, you must assess whether other programs you use to process personal data comply with its regulations. If they don’t, then you need to sign a data processing agreement with your chosen data processors.
Impact assessment
An impact assessment describes the technologies/products you use that handle personal data. It may include, among other things, an evaluation of the risks your clients face by being a client of yours, and the precautions and security measures you take in relation to the storage of personal data.
We can answer any questions about impact assessment or any other GDPR-related concerns. We are committed to helping you meet all the requirements for compliance, so please do not hesitate to contact us.
Is Treffas compliant?
- If you are a data controller, the new General Data Protection Regulation requires that you do a risk assessment.
Notification Duty Regarding Data Breaches
At Treffas, we take data breaches seriously and will always ensure that our clients are informed as soon as possible of any potential risks, and the steps taken to address them. We are also available to answer any questions you may have regarding data breaches.
We understand that data privacy is a responsibility that we take very seriously, so we strive to ensure that our clients feel secure and safe when using our services. If you have additional concerns with regards to the GDPR, please do not hesitate to reach out.
Is Treffas compliant?
- The GDPR requires that we notify the appropriate authorities and affected individuals within 72 hours of a data breach. The notification must include information about what happened, who was affected, and the steps taken or planned to mitigate any further risk.
Documentation that the General Data Protection Regulation is being complied with
At Treffas, we ensure that all of our records are up to date and in accordance with the GDPR. We regularly review our practices to make sure that your data is being handled and stored securely. We also keep evidence of our compliance, such as audits or risk assessments. If you have any questions or concerns about compliance with the GDPR, please do not hesitate to contact us.
Is Treffas compliant?
- Documentation is key to proving that you, as data controller, are compliant with GDPR. This includes having records which show that data has been processed appropriately in the systems you utilize.
SSL security / encrypted communication
If your website doesn’t have the small SSL padlock in the browser, consider changing to a system that does, or contacting your supplier to make sure this is dealt with.
Is Treffas compliant?
- If you control data, it is crucial to understand how to securely send information from a web browser to a system. For example, this occurs when editing journal entries or making appointments. Many appointment-scheduling applications, billing software, and online record-keeping systems lack SSL security features.
Exchange of data between platforms (integrations, apps)
As a data controller, it’s critical that you’re aware of the various platforms you use and how they manage personal information. When using an online system for tasks like inputting records or billing, it’s often possible for the system to share data automatically with other platforms.
At Treffas, all integrations use SSL security to protect your data and prevent it from being “leaked.” This means that you can rest assured that the data is always transferred securely and confidentially.
We understand how important it is to keep your client’s data safe, so if you have any questions about integrations or other aspects of GDPR compliance, please do not hesitate to get in touch.
Is Treffas compliant?
- Treffas guarantees secure communication in all integrations by utilizing SSL.