GDPR Questionnaire
Date:
Department:
Note: After filling out the entire questionnaire, please forward it to the email
[email protected]. Completion of the questionnaire is mandatory; there will be no
exceptions.
Personal data held on individual staff within customer or potential customer companies. This could include:
It is not clear whether personal data held on staff of customers who use our cloud services is the
responsibility of Swivel Secure, Amazon Web Services or the company to whom the server is leased.
2) According to Article 35(1), is Swivel Secure obligated to conduct DPIAs (Data Protection Impact
Assessments)? Explain.
The requirement is that we must carry out a DPIA where processing “is likely to result in a high risk to
the rights and freedoms of individuals”. I cannot conceive of a situation where this might occur given the
nature of our company, but it is nonetheless a legal obligation.
3) How does the company protect personal data and how can you cooperate with the company in
preventing a possible security breach?
Access to all systems which contain personal data is protected by username and password, and
multi-factor or strong additional authentication where possible. Members of staff should not reveal these
credentials to anyone outside the company, and should inform management and/or change the credentials
whenever they suspect credentials may have been compromised.
4) Under Articles 13 and 14 of the GDPR, what can an individual request under what is called
"Privacy information"?
a) ( ) The individual can only exercise the rights to be informed and to rectify.
b) ( X ) The individual can exercise the rights to be informed, to object, to forget, to rectify, to
access, and to portability.
d) ( ) The individual can request access to all the rights mentioned in Article 13 and 14, except in
relation to automated decision making and profiling.
The Data Controller is the company, Swivel Secure Ltd or Swivel Secure Europe.
The Data Processor is any member of staff who handles that data, or any third party who we contract to
handle that data.
6) State, in simple terms, what we could characterize as "Personal Data". (Personal question)
Personal email address (it is not clear whether company email address is also covered)
7) In the solutions/products presented by Swivel Secure, please mention which ones use special
personal data:
AuthControl Sentry is capable of extracting personal data from systems maintained by the customer. It is the choice of the
customer which data is collected. There is no requirement to collect special personal data except as stated below.
The only special personal data which is explicitly collected is through the biometric options of AuthControl Desktop, where
fingerprint and/or palm print data can be used to authenticate a user if the customer chooses to use it.
The latest mobile apps are capable of using biometric data to identify a user, but that is only used to confirm the identity of a
user of the device and does not require access to the biometric data directly.