Centric Support must deal with the GDPR in several ways:
- we record the data of the reporter
- we store personal data of citizens in attachments
This document explains how we handle these privacy-sensitive data.
Support
Customer/reporter data
Why do we use your personal data?
On the Customer Portal of Centric, contact persons of our customers can report issues. These are usually one or more application and/or system administrators, policy officers, etc. We use the personal data of these ‘reporters’ to be able to contact them about the issues they have submitted.
What types of personal data do we process?
We store the first name, prefixes, last name, business phone number (landline and mobile) and the business email address of the contact persons in our Service Management Tool.
Who has access to your personal data?
Only authorized Centric employees have access to your personal data. The authorization is arranged for each employee.
What is the legal basis for processing your personal data?
We process the personal data of the contact persons to be able to handle and resolve the questions and issues they have submitted through various communication channels (telephone, e-mail, Customer Portal).
How long do we keep the personal data of the reporter?
At your request, we can delete the personal data of the reporter and thereby also block access to the Customer Portal. Notify Centric of any feature changes that result in access to the Customer Portal no longer being necessary.
What security measures are in place?
The Customer Portal is only accessible to contact persons and Centric employees who are authorized to do so. When an application and/or system administrator or policy officer leaves the organization or changes function, the contact person/employee is blocked. Your organization is responsible for reporting these changes in a timely manner.
It is not allowed to use a general account (email address) for access. Such an email address can be shared by multiple employees. If one of these employees leaves the company, changes the position, or leaves the organization, the employee can continue to use the account for access. In addition, two-step verification (2FA) will eventually be set up for access to the Portal.
Policy regarding attachment files
Why do we process the personal data of individual citizens?
When a software problem occurs in a specific ‘citizen file’ then the personal data of the relevant citizen are needed to analyze the problem and find a solution..
What personal data of citizens do we process?
Your organization determines what personal data is provided. In general, these are first name, initials, last name, date of birth, social security number and gender.
Who has access to the personal data of individual citizens?
Only Centric employees who are authorized for this have access to the personal data of the citizen. The authorization is arranged per employee.
Every Centric employee is required to sign a non-disclosure agreement. In this way, we emphasize that we treat the data we encounter confidentially in the performance of our work.
After the citizen's personal data has been uploaded via an attachment in the Customer Portal, the content of the attachment is only visible to the customer's reporters who have access to the product in question. The authorized Centric employees can view the attachment in our Service Management Tool.
What is the legal basis for processing citizens' personal data?
We process personal data of citizens solely for the purpose of handling queries and resolving reports submitted by contact persons of your organization by telephone, email or via the Customer Portal.
How long do we keep citizens' personal data?
We delete attachments containing personal data of citizens 3 months after completion of the incident. If there is still a change (error or wish) linked to it, then we delete it 3 months after completion of the change.
What security measures are in place?
The Customer Portal is only accessible to contact persons of the organization and to authorized Centric employees. Personal data of citizens that are provided to support of a question or issue may only be uploaded to the Customer Portal via an attachment. The provision of attachments via other channels (including email) is not allowed. Our Public Service Desk is not allowed to process these attachments.
In the explanation or description of the incident, personal data of citizens are not permitted. As the reporter, you are responsible for this. The file name of the attachment must also not contain any personal data.
Version
November 1, 2023.