What we do in the role of data controllers
Umbraco is the data controller in many situations e.g.:
- When we use a payroll system (name, address, social security number etc)
- The office telephone list (we don’t have one, but if we had one…)
- When we receive applications for jobs openings
- Our service and support system
- And many other situations
We are only allowed to register information provided that one of these are met:
- We have to if e.g. TAX authorities insist (and they have the law on their side) that we tell them how much money we pay any individual.
- A valid and limited purpose e.g. registration of data in a support system
- We have received consent to do so e.g. email marketing
Note that consent is not always necessary. The booking laws require us to register data despite your perhaps not want us to do so. An employee can neither refuse us to register and share data with the tax authorities.
As a Data Controller, we have reached out to all our Data Processors e.g. email marketing system, support system and received their Data Protection Agreement. An example of this is Zendesk that we use for support purposes. Here is a part of the DPA:
Example of the DPA from Zendesk