Our commitment to GDPR and information security standards
The GDPR (General Data Protection Regulation) is an EU Regulation that replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It came into force on May 25, 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.
Barium has always made information security and customer privacy a top priority – and our conformance to the ISO-27001 certification since 2013 made us well prepared for the GDPR regulation. We have incorporated the GDPR regulation in our ISO 27001 routine to ensure compliance and continuous improvements (and of course we use our Barium-platform that is ideally suited to give an organization the tools, processes, and applications to become GDPR compliant) Read more about our capabilities here.
We also want to help you meet your obligations under the GDPR regulation to the extent that you use Barium to collect and store personal data. Therefore we have ensured that both we and our product are compliant with the GDPR.
Our Legal Documentation
Decisions and routines on your side
Barium delivers a robust and multifaceted platform, enabling customers to create applications for several use cases and also process a different kind of information. Therefore it will be vital for you to decide what type of information you allow to store and process in the Barium platform (Barium Live) related to your internal policies.
- Decide what information to store, how long to keep it, and if possible make it anonymous.
FAQ (Frequently asked questions)
How is data being processed in Barium Live
Type of individual
|Type of data being Processed in Barium Live||How long do Barium keep personal data||Where is the data being stored||Who is the owner (controller) of the data|
Any individual you as a client/user have interest in.
You are a client if you pay for and distribute user licenses to the Barium live platform amongst your coworkers/end users.
Any data that you as a client/end user consider to have a legitimate reason to process in Barium Live.
Customers To Barium Live can build almost any application within the Barium platform. An application can be populated with any type of data
As long as you as the client (data owner) or end user wants, e.g. until you migrate or choose to delete/redact the data.
Also, note that all data will be stored 30 days extra after deletion in our backups before the data is deleted beyond restoration. This can be good to take into consideration when communicating with registered individuals (Data subjects) before they consent to any processing.
|All data processed in Barium Live is being stored in Sweden.||
The legal owner of this data is the client. In this aspect the owner is often referred to as the data controller
You are a client if you pay for and distribute user licenses to the Barium live platform amongst your coworkers/end users).
You as an End user.
You are considered to be an End user if you have been provided with an active user account to Barium Live.
Personal information related to User Accounts:
Other, like profile picture and language preferences
Personal information on User Accounts:
How are data being processed in Barium’s internal CRM system
|Type of individual||Type of data being Processed by Barium AB||How long do Barium keep personal data||Where is the data being stored||Who is the owner (controller) of the data.|
|You as an Client (paying customer to Barium AB)||Contact information and archive of any communication between Barium and you as a Client.||We keep personal data about you clients as long as we have an active business relation regulated in an agreement, or as long as we intend to create a business relationship that is regulated in an agreement.||