GDPR Compliance

Our commitment to GDPR and information security standards

The GDPR (General Data Protection Regulation) is an EU Regulation that replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations that collect or process personal data. It came into force on May 25, 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.

Our commitment

Barium has always made information security and customer privacy a top priority, and our conformance to the ISO 27001 certification since 2013 left us well prepared for the GDPR. We have incorporated the GDPR into our ISO 27001 routine to ensure compliance and continuous improvement (and of course we use our Barium platform, which is ideally suited to give an organization the tools, processes, and applications to become GDPR compliant). Read more about our capabilities here.

Product

We also want to help you meet your obligations under the GDPR to the extent that you use Barium to collect and store personal data. Therefore, we have ensured that both we and our product are compliant with the GDPR.

Our Legal Documentation

Our legal documentation (namely our Customer Terms of Service, our Data Processing Agreement, and our Privacy Policy) has been updated and includes the mandatory Processor provisions required by Article 28 of the GDPR. You can find all our legal documentation here.

Decisions and routines on your side

Barium delivers a robust and multifaceted platform, enabling customers to create applications for several use cases and to process different kinds of information. It is therefore vital that you decide, in line with your internal policies, what type of information you allow to be stored and processed in the Barium platform (Barium Live).

  • Decide what information to store, how long to keep it, and if possible make it anonymous. 

FAQ (Frequently asked questions)

How is data being processed in Barium Live

Type of individual (data subject):
Any individual you as a client/user have an interest in.

You are a client if you pay for and distribute user licenses to the Barium Live platform amongst your coworkers/end users.

Type of data being processed in Barium Live:
Any data that you as a client/end user consider to have a legitimate reason to process in Barium Live.

Customers of Barium Live can build almost any application within the Barium platform. An application can be populated with any type of data.

How long does Barium keep personal data:
As long as you as the client (data owner) or end user want, e.g. until you migrate or choose to delete/redact the data.

Also, note that all data will be stored for an extra 30 days after deletion in our backups before the data is deleted beyond restoration. This can be good to take into consideration when communicating with registered individuals (data subjects) before they consent to any processing.

Where is the data being stored:
All data processed in Barium Live is stored in Sweden.

Who is the owner (controller) of the data:
The legal owner of this data is the client. In this respect, the owner is often referred to as the data controller. (You are a client if you pay for and distribute user licenses to the Barium Live platform amongst your coworkers/end users.)

Type of individual (data subject):
You as an end user.

You are considered to be an end user if you have been provided with an active user account to Barium Live.

Type of data being processed in Barium Live:
* Personal information related to user accounts: username, email, name, and other information, like profile picture and language preferences
* Audit logs: user activity (create, read, update & delete actions)
* System logs: login attempts, IP number, user activity

How long does Barium keep personal data:
* Personal information on user accounts: as long as the client (data owner) wants, e.g. until the client wants to delete a user account.
* Audit logs: data in audit logs will be kept for at least 5 years (for legal reasons) or deleted when the client stops being a paying customer.
* System logs: data in system logs (owned by Barium AB) will be kept for at least 5 years for security reasons.

Where is the data being stored:
See above.

Who is the owner (controller) of the data:
* Audit logs: the client
* System logs: Barium AB

How is data being processed in Barium’s internal CRM system

Type of individual:
You as a client (paying customer of Barium AB).

Type of data being processed by Barium AB:
Contact information and an archive of any communication between Barium and you as a client.

How long does Barium keep personal data:
We keep personal data about you as a client as long as we have an active business relationship regulated in an agreement, or as long as we intend to create a business relationship that is regulated in an agreement.

Where is the data being stored:
* Country: USA
* System: HubSpot

Who is the owner (controller) of the data:
Barium AB