Inex One and GDPR
Personal data plays a huge part in society and the economy, and one of the aims of the GDPR has been to bring data privacy laws up to speed with technological change and development.
With the Inex One EMS, you will get the support you need in your compliance efforts.
No personal data on hard drives
When using the EMS, you can store all data related to experts and expert calls directly in our system. No more need for sharing excel worksheets and worrying about conflicting versions. The Inex One platform will automatically anonymize any personal data after a certain time, all to adhere to the requirements of the GDPR.
Fewer emails, less data
Invite your colleagues to collaborate on expert requests and comment on expert profiles directly in the EMS. With Inex One, you don’t have to spend time on unnecessary emailing or worry about if the information you’re sending classifies as personal data.
Respecting the rights of the data subject
When acting as a data controller, you have specific legal obligations towards the individuals whose data you’re handling. Amongst other things, the GDPR gives data subjects the right to have personal data erased, modified or transferred. The Inex One EMS helps you fullfil these obligations.
Inex One as data controller and data processor
The GDPR defines two roles that are subject to different legal obligations. The nature of Inex One’s service makes us both data controller and data processor, depending on the processing.
The Data Controller: A legal unit or similar that determines the purposes and means of the processing of personal data. Inex One is a data controller when we process data about our own employees, about our customer contacts or the users of the EMS.
The Data Processor: A legal unit or similar which processes personal data on behalf of the data controller. Inex One is a data processor when we provide the EMS services to our clients and and suppliers.
Our Commitment to GDPR
At Inex One, the security and privacy of our clients’ personal data are our highest priority. Our product suite is built to match the requirements of the GDPR, and we work diligently to keep your data safe.
Privacy by Design: Our EMS was designed with data protection in mind, and we take privacy into account throughout the whole engineering process.
Privacy by Default: We only collect the minimum required amount of personal data, and we only use that data for the intended purposes.
Secure cloud hosting: We host our EMS with Heroku, a part of Salesforce. For more information on Heroku’s security processes, visit the Heroku Security, Privacy and Compliance Website.
Technical and operational measures (TOMs), physical access control: Inex One has multiple measures in place to ensure no unauthorized individuals can access the Inex One systems. These measures include but are not limited to i) Inex One headquarters has secured entry using badges and keys, ii) access to internal systems is provided based on a personal log in that has to meet strict requirements, and iii) user access is assigned on need basis
Strong contractual commitments: Our Data Processing Agreement contains provisions to assist our clients in their GDPR compliance efforts.