|GDPR Statement||GDPR Compliance||Safety & Security|
1. Scope of application
This policy applies to all Malmberg Group Ltd, here known as Malmberg Group, employees and collaborators. Furthermore, it applies to malmberg.io service which can be accessed via www.malmberg.io.
1.) All definitions, as processing, controller, processor, data, sensitive data, used in this Commitment shall have its regular meaning as set forth by the General Data Protection Regulation.
2.) Sub-processor means any person or a third party appointed by or on behalf of Processor to conduct actions on personal data.
3.) Service means software malmberg.io and consulting services offered by Malmberg Group.
4.) User and customer mean respectively any person who uses services of Malmberg Group with the access to an active account regardless of version (trial or premium).
1.) This Data Protection Statement is unilaterally binding upon Malmberg Group and shall be understood as a policy applicable to the enterprise as a whole.
2.) Malmberg Group declares that it is aware of internal risks arising out of data processing and shall devote its time and resources to minimize any risk concerning data entered into the system.
3.) This Data Protection Commitment amounts to be a proof of Malmberg Group being GDPR compliant.
4.) Agreement between Malmberg Group and customer means Terms of Service.
4. Opening statements
Malmberg Group Ltd, registered in England & Wales under company number 10787029 as a company with limited liability. Malmberg Group is aware of responsibilities arising from General Data Protection Regulation and dedicates itself to accomplish goals set forth in the regulation.
The Malmberg Group Team, represented by CEO Roy Malmberg, undertook steps to comply with the requirements and hereby by this document expresses its affirmation to the above mentioned principles which becomes binding on us by a unilateral declaration.
1.) Managing users data in a mutually agreed manner;
2.) Managing users data shall be transparent;
3.) Ensuring information assets and processing facilities are protected against unauthorized access or misuse;
4.) Ensuring that all crucial security-related legal obligations shall be fulfilled;
5.) Creation of procedures adjusting data protection reporting;
6.) An obligation to investigate all known breaches of data security unconditionally if it is factual or suspected;
7.) Conducting risk assessment and employing potential techniques to minimize the occurrence of data protection breach;
8.) Ensuring that all relevant security communications are made both internally and externally to inform, advise, and encourage best practices in data protection;
9.) Develop, adjust, and constantly improve data protection to address newly arising concerns of our users;
10.) Provide transparent Terms of Service complaint with General Data Protection Policy;
11.) Provide transparent Safety and Security which explains data storage and security policy compliant with General Data Protection Regulation
12.) Provide guidelines for our customers in conducting a risk assessment.
5. Data Protection Policy
1.) Malmberg Group acts as both, data controller and processor. In case of data of customers or users, Malmberg Group acts as a data controller with the ability to define aim and purpose of processing. In case of any other data entered to the system by an end user or our customer, with a special focus on prospects database, IMAP server data, campaign, Malmberg Group acts as a processor which takes actions on data on behalf of a controller, by providing automation service.
2.) Malmberg Group acting as a controller declares that data of EU citizens shall be stored on EU or US located servers.
3.) Malmberg Group acting as a processor declares that it will not transfer data of the customer to any third country which does not fulfill security standards. In case of most of Malmberg Group’s sub-processors, data are transferred under Privacy Shield Agreement to the USA-based servers.
4.) The main aim of data collection is to establish subscription agreement, enable account functioning, provide technical support and maintenance, monitor activities what raises protection security, ensure proper account functioning, maintain access via API standard method or provide invoices.
5.) Malmberg Group indicated that in case of any complaint or doubt concerning data security, it is willing to reply to every concern. Any complaint, data deletion request, data modification request, data return request shall be sent to Malmberg Group via email@example.com,
6.) Due to technical inability, Malmberg Group as a processor, shall not be responsible for data in the content of conversations apart from its full dedication to ensure adequate technical security measures.
7.) To ensure data confidentiality, Malmberg Group declares that is will not lease, sell, or exchange any data concerning customers or end-users with any third party, with the exclusion of processors and sub-processors employed by Malmberg Group, or if otherwise required by law.
8.) To limit data access or request additional information, user or client shall submit a written request via firstname.lastname@example.org.
9.) Data processing of customers or users’ data is based upon consent.
10.) Data processing of content, prospects’ database, and campaigns is based upon the agreement between Malmberg Group (processor) and a customer or user (controller).
11.) As a company dedicated to data security, relevant data protection security training sessions were conducted internally.
12.) All staff of Malmberg Group has Non-disclosure agreements signed and is allowed to process data only to the extent which is necessary to ensure maintenance and support for customers.
6. Dispute solving
1.) Malmberg Group is willing to participate in amicable dispute settlement or mediation in case of a dispute.
2.) If such a solution is not possible, Malmberg Group as a company registered in England & Wales is obliged to solve disputes on the grounds of jurisdiction of United Kingdom.