Guldmann's compliance with GDPR
The following outline explains the generally applicable measures put in place by Guldmann Group in order to comply with GDPR (the General Data Protection Regulation).
Most personal data processing at Guldmann takes place in connection with processing employees' personal data. Where customers and suppliers are concerned, personal data processing concerns mainly details of contact persons.
V. Guldmann A/S in Denmark is the main company and the office from which company development is controlled, including all its IT systems, R&D, general technical support and marketing.
Employees and recruitment
Employee personal data and employee documents are administered in the HR department mainly through an electronic archive of personnel data to which the employee's manager and the employee has relevant access. Recruitment and personnel administration is undertaken in other closed systems to which only HR and relevant employees have access to relevant data.
In Denmark, payroll administration at Guldmann is executed by our own finance department, mainly using electronic payroll, ERP and absence registration systems. Some folders are kept in locked cabinets.
The US, Canada, Ukraine and Brazil
No employees in the EU or EEA are managed by our subsidiaries in the US, Canada, Ukraine or Brazil.
Employees in the US, Canada, Ukraine and Brazil are subject to Guldmann’s ‘IT and personal data processing and protection policy‘ as applicable to all Guldmann employees.
V. Guldmann A/S and its subsidiaries in the US, Canada, Ukraine and Brazil have signed up to the European Commission's standard contract in accordance with Commission Decision C(2004)5721.
France, Italy, Germany, Sweden, the UK
Employee personal data and employee documents are administered in a closed folder system to which only relevant employees have access. Employees can obtain access to their own personal data on request to their manager.
In France, Italy, Germany, Sweden and the UK, the payroll system is administered by external providers, or in a collaboration between external providers and the payroll administration department in Denmark.
IT systems and marketing systems are managed and operated primarily by V. Guldmann A/S.
In Sweden, the UK and Germany there is also partial payroll administration at V. Guldmann A/S in partnership with local payroll administration companies.
The partnership is described in data processing agreements, with the subsidiaries as data controllers and V. Guldmann A/S as the data processor.
Guldmann has entered the relevant contact information and meeting minutes on customers and end users in our ERP system and CRM systems. Personal data is maintained on a regular basis, and deleted once the cooperation with and obligations towards a customer ceases. On the whole, our customer relations take the form of business-to-business relations. In correspondence with customers, Guldmann employees adhere to Guldmann’s ‘IT and personal data processing and protection policy’.
The customer may in certain cases inform Guldmann of data concerning health of end users, if this is to be taken into account in connection with installation or servicing work. The information is deleted when it is no longer needed.
It may happen that Guldmann has to design a product solution in cooperation with the customer or the customer's representatives (e.g., doctors and healthcare workers). If we receive information on the identity and clinical situation of a patient, we anonymise or pseudonymise personal data as far as possible or delete personal data when the task has been completed.
We comply with authority requirements for documentation of product development and incidents relating to users.
Our ERP and Outlook systems contain contact information for contact persons at our product suppliers and service providers. Personal data is maintained on a regular basis and deleted once the cooperation with and obligations towards suppliers ceases.
Where models are used in marketing material, consent is given by the models.
Third countries and travel
Besides the cooperation with our subsidiaries in the US, Canada, Ukraine and Brazil (described above), Guldmann works with distributors around the world and affords them support in matters of order processing, marketing material, consultancy and training.
When Guldmann employees travel to these countries, they access Guldmann systems only via encrypted computers and telephones. In correspondence with distributors, Guldmann employees adhere to the ‘IT and personal data processing and protection policy’.
At Guldmann, only IT systems and software approved by the IT department may be used. Guldmann itself hosts central IT systems. An independent IT audit is performed.
Compliance with GDPR
In cooperation with the IT department and the management, the HR department coordinates Guldmann's compliance with GDPR.
When onboarding, employees are introduced to the ‘IT and personal data processing and protection policy‘ and the methods of processing personal data that are relevant to their position at Guldmann.