Introduction
Goava is committed to complying with the General Data Protection Regulation (GDPR) when processing personal data. This document outlines the circumstances under which Goava acts as a Data Controller ("personuppgiftansvarig") and when it acts as a Data Processor ("personuppgiftbiträde").
Definitions
Data Controller ("Personuppgiftansvarig"): The entity that determines the purposes and means of the processing of personal data.
Data Processor ("Personuppgiftbiträde"): The entity that processes personal data on behalf of the Data Controller.
When Goava Acts as a Data Controller
Goava acts as a Data Controller in the following situations:
Collection of Publicly Available Data:
- When Goava collects and processes personal data from open/public sources such as news websites, company websites, and annual financial reports to create and maintain its own database.
- In these instances, Goava determines the purposes (e.g., enhancing sales intelligence) and means (e.g., methods of data collection and maintenance) of the data processing activities.
Internal Data Processing:
- For the purposes of improving our platform, conducting research, and developing new services.
- When processing personal data of our employees and collaborators.
When Goava Acts as a Data Processor
Goava acts as a Data Processor in the following situations:
On Behalf of Clients:
- When Goava processes personal data provided by its clients or collected on behalf of its clients, in accordance with the instructions and agreements set forth by the clients.
- For example, if a client provides a list of contact details for Goava to enrich or analyze, Goava would be considered a Data Processor, since the client (Data Controller) retains control over the data.
Responsibilities of Goava as a Data Controller
As a Data Controller, Goava is responsible for:
1. Determining the legal basis for collecting and processing personal data.
2. Ensuring transparency by providing data subjects with information about how their data will be used.
3. Implementing appropriate technical and organizational measures to protect personal data.
4. Responding to data subject requests, such as access, rectification, or deletion of their personal data.
5. Ensuring compliance with GDPR and other applicable data protection laws.
Responsibilities of Goava as a Data Processor
As a Data Processor, Goava is responsible for:
1. Processing data only on the documented instructions of the Data Controller.
2. Implementing appropriate technical and organizational measures to ensure data security.
3. Assisting the Data Controller in complying with GDPR obligations, such as responding to data subject requests.
4. Ensuring that all personnel processing the data are subject to a duty of confidentiality.
5. Informing the Data Controller if any data breach occurs.
6. Deleting or returning all personal data to the Data Controller after the end of the processing relationship.
Conclusion
By clearly defining our roles and responsibilities, Goava ensures compliance with GDPR and protects the personal data we process. This document will be reviewed periodically to reflect any changes in our data processing activities or legal requirements.
For any questions or further information, please contact our Data Protection Officer at [DPO's contact information].