Fuzer Privacy code of conduct

GDPR as a project

GDPR is a unique opportunity to bring the focus on privacy and by extension on security of data in Europe. From its creation, Destiny has been well aware of the importance of those matters. We consider GDPR as a chance to reconsider, formalize and improve, where necessary, our processes.

Practically, we have set up a GDPR team made of persons from each department and the top management. This team meets on a regular basis to monitor and control actions such as :
  • Roadmap and action plans definition and follow-up
  • Tools and processes deployment across departments

Our GDPR roadmap lists and prioritizes the tasks necessary for compliance. It includes the tasks contained in the 13-steps approach published by the Belgian Privacy Commission among which : ensure awareness, set up a treatment register, review privacy notices, ensure individual’s rights, determine lawful basis, define data breach procedure.

Controller and Data Processor

Depending on the type of data treatment, Destiny acts as a data processor or as a data controller as defined in the General Data Protection Regulation (GDPR).

Type of personal data and when it is collected

In order to provide its services, Destiny collects personal data such as names, contact information, telephone numbers, IP addresses, communication metadata (caller id, recipient id, timestamp, etc.). The content of the communication may in some instance be stored for the purpose of rendering the service. For example, voicemails are stored to allow the recipient to listen to them. Personal data may be used to monitor the service quality.

Fuzer collects the personal data through :
  • Contract information
  • Forms (for example for the provisioning of the services)
  • Operation of the services (for example for billing or quality purposes)
  • Our website(s), through commercial meetings or commercial database (for commercial purpose)

Based on the technical register of private attributes, personal data treatments are listed and maintained in a registry of treatments in accordance with article 30 of the regulation.

Purpose of the data treatment

The purpose of customer’s data treatment is to provide the business services in accordance with the contract. There is no data treatment made to have a personal profiling of the data subjects which are not in the context of the business relation with the customer.

Accent is set on minimization of the collection and treatment of private data. Only the personal data necessary to render the services are collected with legal and/or rational retention periods depending on the nature of the data and service.

Most of the personal data are collected and treated by Destiny in accordance with contracts. Some personal data are also collected and treated as required by law or in accordance with Destiny’s legitimate interest in view of the contracted services. Data subjects consents are requested where and when necessary.

Your rights

Where Destiny is a data controller, you may request:
  • Access, rectification or porting of your personal data
  • Erasure or objection to the processing of your personal data, as long as such erasure or objection is not contrary to the law, the contract or the legitimate interest of Destiny within the scope of the services contracted.

As a data processor, Destiny shall assist the data controller by implementing technical and organizational measures, in line with the regulation and market practices, for the fulfillment of data subjects rights. In this respect Destiny will promptly notify the data controller of received data subject requests and shall only respond in accordance with instructions of the data controller.

Subcontracting and transfer

Fuzer only transfers data to data processors that are engaged with GDPR and within its contractual and legal obligations.

Security

A specific team is dedicated to dealing with security of data and services by:
  • Controlling the deployment of the services in the light of the security
  • Putting in place tools which proactively test security
  • Defining roadmaps and action plans to maintain the security of the service
  • Maintaining and enforcing the security policy

Security recommendations towards our customers can be found at here.

Privacy by design

Technical registry of private attributes and registry of private treatments are updated on regular basis and certainly when a new service or process is to be introduced. At that time the impact on privacy of the new service or process is analyzed. The GDPR team controls the respect of privacy. Sessions to ensure the awareness of the “privacy by design” rules are regularly planned.

Procedure in case of breach

Should a data breach arise, the GDPR team assure that the impact of the breach is planned and analyzed by the security team and appropriate communication is done in compliance to GDPR rules. Efforts are made to improve the efficiency of data breach detection, as in this matter, time is key.

Contact Information

For all question or request concerning personal data, you can send a mail to : privacy@fuzer.net or a letter at : 
Fuzer sa
Privacy Department
408 Chaussée de Bruxelles
1300 Wavre
Belgium
Copyright © Fuzer SA