Client Personal Data Protection Policy..

1 Scope

1.1 Prenax (the Data Processor) only processes personal data on behalf of its Client (The Data Controller) for the purpose of Subscription Services. Prenax agrees not to process any personal data for other purposes and agrees to fully comply with General Data Protection Regulation (GDPR).

1.2 Prenax only processes the following types of personal data:

Personal data that is required in order to fulfill the ordering and delivery of Subscription Services.

This typically includes name, delivery address, e-mail addresses and/or IP addresses.

 

2 Security

2.1 Prenax has implemented appropriate technical and organizational security measures to protect all personal data. This protection is against, and not limited to, accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse or other processing in violation of the provisions laid down in the Directive 95/46 EC of the European Parliament and of the Council and any applicable laws implementing it and/or any latter amendments hereof, including the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the EU Directive (hereinafter altogether (referred to as the “Data Protection Legislation”).

2.2 Prenax ensures that in the processing of personal data, it complies at all times with minimum security requirements required to comply with current General Data Protection Regulation (GDPR).

2.3 Prenax permits clients (subject to reasonable and appropriate confidentiality undertakings) to audit Prenax data processing activities and compliance to verify and/or procure that Prenax are in full compliance with their obligations under the General Data Protection Regulation (GDPR).

2.4 Prenax ensures that the employees processing personal data on its behalf have committed themselves to the obligation of confidentiality regarding any personal data processed.

2.5 Prenax shall immediately inform the client if, in its opinion, an instruction infringes the Data Protection Legislation.

2.6 All Prenax systems are built with software security as a vital part of the design. This implies that all systems are designed and built upon the assumption that malicious practices always can occur, and that all systems and processes need to be prepared for these events.

 

3 Sub-contractors

3.1 Prenax does not currently use subcontractors, but in the event that this should occur, Prenax would expect and require the same policy compliance as laid out in this document from its subcontractors.

 

4 Transfer of Data

4.1 Prenax guarantees that it will not transfer any personal data other than as set out in this policy.

4.2 Prenax will not transfer personal data out of the EU/EEA without the prior written approval of the Data Controller. When the Data Controller orders in writing any published material sourced outside of the EU/EEA, he expressly agrees that the personal data necessary to process the order is transferred, outside of the EU/EEA to the country of origin of the publisher. In such event, the Data Processor must comply with any requirements established by any data protection authority or any other governmental authorities necessary for the granting of approval by such authorities for the transfer of personal data outside of the EU/EEA, including by adherence to the Commission’s standard contractual clauses as set out by Commission Decision of 5 February 2010 with later amendments, to the extent applicable.

 

5 Data Breach Notification

Prenax (the Data Processor) shall without undue delay notify the Client (the Data Controller) in case of any identified or potential breach of personal data. The notification shall include any other information required in order for the client to comply with the General Data Protection Regulation (GDPR)., including information about the nature of the breach and measurements taken to control it.

 

6 Data storage & duration

Prenax only stores personal data for the purpose of executing the service to the client, and to comply with legal requirements.

Prenax will retain personal information only for as long as necessary for delivering the service, and/or to the extent required by applicable laws.

Personal data is securely stored within the EU/ EEA.

 

7 Miscellaneous

For any questions regarding Prenax personal Data protection policy, please contact us at Privacy@prenax.se or write to:

Prenax, Privacy Policy, Box 1080

Torshamnsgatan 39, 164 25 Kista, Sweden

 

Policy revised and approved 2022-02-22