Guide to personal information in RamBase (GDPR user guide)
As a RamBase customer, you are responsible for your handling of personal related data, and need to ensure that it is within the scope of the General Data Protection Regulation (GDPR). This document is created as a guide for handling personal information in RamBase.
Definitions
Personal information - Information and assessments that can be linked to an individual (which can be used to identify a person). Examples include name, address, phone number, email address, pictures and digital tracks.
Sensitive Personal Information - Information on particularly sensitive conditions such as racial or ethnic background, political, philosophical or religious opinion, criminal history, health, sexual orientation and union affiliation.
Notice that personal information is information that can be linked to an individual. If your customer is a company, the information linked to the customer is not personal information. If your customer is a person, the information can be considered personal information.
Personal information on Person objects - Information related to registration of person, such as customer, employee, contact person, etc.
Personal Information on Transaction objects - Information related to the registration of transactions that have taken place between company and person.
It is also important to differ between person related and transaction related information. If an individual decides to terminate the customer relationship, the individual can require to be forgotten in your database, but cannot require that historical transactions are forgotten. Business history is business history and you cannot change it. The GDPR individual rights is mainly about person related information.
Only a very limited amount of personal information is stored in labeled fields in RamBase. No sensitive personal information is stored in RamBase.
GDPR individual rights
The GDPR has stated some individual rights according to storage of personal data:
The right to access and get information about personal data
The right to object and/or restrict processing of personal data - For instance for automated data processing or direct marketing subjects.
The right to portability - To be able to deliver information in a format that makes it possible to load it into another data system.
The right to correction and rectification - If the data about a person is wrong or incorrect, it should be corrected.
The right to be forgotten - When storing of personal information is no longer needed, it must be deleted or anonymized.
Personal data in RamBase are registered in:
The Personnel (PER) application.
The Customer (CUS) application, if the customer is a person (B2C business).
The Contact Person (CNT) application.