The EU has decided to change the data privacy regulation with the introduction of the General Data Protection Regulation (GDPR). The regulations take effect from 25 May 2018.
We at LINK welcome the changes brought on by the GDPR and acknowledge our responsibility as a processor of Personal Data. Keeping Personal Data safe and to comply with applicable tele- and data regulation in the countries wherein we operate, is our highest priority.
Data Processing Agreement
Download our example Data Processing Agreement as PDF
Download our Privacy Notice as a PDF document
Frequently asked questions regarding GDPR
Q: Does LINK Mobility have a Data Protection Officer?
A: Yes, LINK Mobility has a Data Protection Officer registered by the Norwegian Data Protection Authority.
Q: Does LINK Mobility have Data Processing Agreements (DPA) with all Sub-processors?
A: LINK is on its way to sign DPAs with all Sub-processors used by LINK, with the intention that this will be completed before 25th of May 2018. A list of Sub-processors will be available to LINK customers.
Q: Have any measures been taken for the purpose of establishing Privacy by Design?
A: LINK has an information security policy covering Privacy by Design and all staff is trained in data protection by design and default.
Q: Are you able to provide Personal Data as a data file (e.g. excel, csv, xml etc.)?
A: Yes, we can provide a data file with Personal Data upon request from the Controller (when LINK is Processor) or from the Data Subject (when LINK is Controller).
Q: What are the purposes for processing Personal Data?
A: LINK as Processor: The purposes and legal grounds for processing must be defined by LINK’s customer (the Controller) or by governing law.
Q: Do you have routines for handling a potential Personal Data breach?
A: All routines regarding handling of Personal Data will be covered by our governance system.
Q: Do you share Personal Data with third parties?
A: LINK may disclose personal data to third party vendors and hosting partners who perform services for LINK, in order to be able to deliver the services. These third party vendors will only use the Personal Data for the purposes they were collected, and in order to perform their services towards LINK. The relationship to such third party vendors will be governed by a Data Processing Agreement. The disclosure of Personal Data to public bodies may occur if and to the extent required by law and current regulations.
Q: What is the retention time for Personal Data (how long is data stored)?
A: LINK as Processor: The retention time is defined by LINK’s customer (the Controller) or by governing law. Data is deleted as instructed by the Controller.
A: LINK as Controller: Depending on the product, the retention time is defined in the customer agreement. The individual can at any time withdraw their consents and execute their right to be forgotten.
Q: Is all Personal Data stored within the EU/EEA?
A: Yes. Depending on the product, data is either stored at LINK controlled premises or reputable cloud services within the EU/EEA.
Q: How is Personal Data secured?
A: Only authorised personnel within LINK has access to Personal Data. The Controller will be provided with credentials to manage their own data. Networks are protected by firewalls and all data is encrypted in transit.