Movenium & GDPR
Security is important for Movenium and we take it with great seriousness. As a company and for its services, Visma Movenium is prepared for changes to the EU’s Data Protection Regulation (GDPR), which will enter into force on 25 May 2018. Here is a brief summary of how the change has been taken into account. At the end of this release there are links to useful resources, in order to learn more about GDPR at a general level
The Movenium customer is a Data Controller. As a customer, therefore, you are responsible for the fact that only the information necessary for your activity is stored in the system, the information is up-to-date and accessed only by those who need the information for performing their work. Users should also be told what information about them is stored, what information is used and who has access to the data.
Under the new Data Protection Regulation, a written agreement between the controller and the data processor is required to process the data. The controller must also advise the data processor for the correct processing of data. For this reason, we will send you new Terms of Service via email that will also include the processing of your agreement. Under the Data Protection Regulation, the contract must be accepted by a person holding rights to accept contracts on behalf of the company.
The security practices of Movenium’s software and its employees comply with the stringent international standards of the Visma Group. Our connection is always encrypted and we are committed to constantly developing our security. Movenium’s staff are trained to meet GDPR requirements. We do not share the information stored in the program with third parties, unless specifically requested by our client in writing, or the law so required by us. We only deal with our customers’ information to the extent necessary to resolve customer problems or develop our program. Detailed information on the data protection policy is provided in the updated Terms of Service.
GDPR related features in Movenium
Right to see what information about yourself has been stored
From your profile, each user sees all the information about themselves and can check their accuracy and check who has been processed. From the working time reports, the user can see their own records and their editing history. Data can also be collected by the user afterwards and delivered from the system to the already deleted user.
Notification of processing of personal data
We will notify all users of what information is stored for him, why the data is being stored, and who can handle the data. The user must accept the processing of the data within the application. This feature will be released shortly.
Those who use the label give their consent to the processing of the data by first stamping the stamping device. Applying to the stamping device by stamping is also a method approved by the Subscriber Responsibility.
Right to be forgotten
Each user can request to remove their information from the company administrator. At the user’s request, Movenium may delete the information of the person you are looking for. Please note that the normal removal of the line does not delete data from the service, as the data is recoverable. To finalize the information, please contact firstname.lastname@example.org
Important! The company may refuse to remove the data on the grounds that data retention is mandatory under law. For example, according to accounting law, the accounting material will be kept for six years from the end of the financial year. Records of working time can most often be considered as part of a payroll record whose statutory retention time is six or up to 10 years. In this case, data can not be deleted even if a single person requests it.
According to the law, the main contractor or other principal importer shall keep the list of persons for construction work six years after the end of the year in which the construction site was completed. As a result, tax evasion information is also subject to statutory restrictions.
Data on site work records must be kept for 10 years after the building has been commissioned.
In order to tell who has dealt with any information we have released a separate activity log for the administrators. The activity log can be found in the service settings menu. All entries, changes, deletions, and searches are saved in the activity log. In practice, here you can easily find out who has looked at who edited or edited them.
Recommendations for use
By default, the data that is stored in the Movenium system is not sensitive data defined in the Privacy Settings. Because our customers can customize the service in a variety of ways, it is possible that some of our customers will also collect sensitive personal information. In the case of such data, it is necessary to consider in particular whether the storage of data is necessary and who is able to access the data.
Here is a list of the most essential guidelines we have on using the program from the point of view of personal data protection:
- As a user of the service you are responsible for what information you store and what fields you add to it.
Make sure the visibility of your data is restricted to people who really need information. You can take advantage of the following features:
- Roles (in particular, limit the allocation of the main user IDs)
- Groups (allow user only to see what is belonging to his group)
- The supervisor function (allow to see only his subordinates)
- Worktime Groups
- User-specific restrictions
Do not use shared credentials as then you cannot know who made the change to what data.
- Delete the idle names of employees immediately so that they do not have access to the program after the end of the employment relationship.
- Do not share personal information with third parties without having permission from the people who share your information. By way of exception to information about the obligation to notify the main contractor, taxpayer or other authority.
- Make a written agreement with your accounting office or payroll calculator, and specify how, for example, Information in Movenium should be processed.
- Take the familiarization feature and also tell the employees of the subcontractors what information they collect and what purpose (data collected for tax reporting).
- Privacy policies in constructions sites: https://www.sverigesbyggindustrier.se/gdpr#gdpr
- General information about GDPR:
- Visma Software webinaaritallenne, joka käsittelee uutta tietosuoja-asetusta laajasti.
- Tietosuojavaltuutettu, Rekisterit yhteisellä rakennustyömaalla työskentelevistä.
- Tietosuojavaltuutetun sivusto uudesta tietosuoja-asetuksesta.