{"id":4872,"date":"2018-07-17T08:59:02","date_gmt":"2018-07-17T07:59:02","guid":{"rendered":"https:\/\/www.oderland.se\/support\/?post_type=ht_kb&#038;p=4872"},"modified":"2024-07-29T10:10:35","modified_gmt":"2024-07-29T09:10:35","slug":"how-is-my-personal-information-handled","status":"publish","type":"ht_kb","link":"https:\/\/www.oderland.se\/support\/en\/artikel\/how-is-my-personal-information-handled\/","title":{"rendered":"How is my personal information handled?"},"content":{"rendered":"\n<p>The law regulating the processing of personal information is called&nbsp;&nbsp;<a rel=\"noreferrer noopener\" aria-label=\" (\u00f6ppnas i en ny flik)\" href=\"https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection_en\" target=\"_blank\"><strong>GDPR<\/strong><\/a>&nbsp;(General Data Protection Regulation).<\/p>\n\n\n\n<p>We follow this law and in this support article, we summarize frequently asked questions and make available links to relevant documentation and terms. If you have further questions we accept these via mail to support@oderland.se<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Documents<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a target=\"_blank\" href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2017\/12\/Policy-for-personuppgiftshantering-v1.pdf\" rel=\"noreferrer noopener\"><strong>Policy<\/strong>&nbsp;document regulating our role as data controller of our client&#8217;s personal information<\/a><\/li>\n\n\n\n<li><a target=\"_blank\" href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2017\/12\/Personuppgiftsbitradesavtal-PUBA-Oderland-v1.pdf\" rel=\"noreferrer noopener\"><strong>Data Processing Agreement<\/strong>&nbsp;regulating our role as a processor of your stored unstructured data in our services such as databases, mail, and files<\/a><\/li>\n\n\n\n<li><a target=\"_blank\" href=\"https:\/\/www.oderland.se\/om\/anvandaravtal\/\" rel=\"noreferrer noopener\">General&nbsp;<strong>Terms of Service<\/strong>&nbsp;(TOS)<\/a><\/li>\n\n\n\n<li><a target=\"_blank\" href=\"https:\/\/www.oderland.com\/about-us\/security-work\/\" rel=\"noreferrer noopener\">Our&nbsp;<strong>gernal security<\/strong>&nbsp;measures at Oderland<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">&nbsp;<b>Is&nbsp;<\/b><b>Oderland a<\/b><b>&nbsp;data processor&nbsp;<\/b><b>or a data controller<\/b><b>?<\/b><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>We are data controllers<\/strong> \uff0d of the personal information we collect on you as a client.<\/li>\n\n\n\n<li><strong>We are data processors<\/strong> \uff0d of the personal information in the form of data you store in our services such as files, databases, and mails. (Processing type is storing the data.)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Does Oderland store my credit card information?<\/h3>\n\n\n\n<p id=\"lagras-kortuppgifter-hos-oderland\">No, we do not store that information but instead, it is stored with our world-leading credit card payment partner&nbsp;<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/stripe.com\/en-se\">Stripe<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Can&nbsp;<\/b><b>Oderland<\/b><b>&nbsp;sign our s<\/b><b>ub-processor<\/b><b>&nbsp;agreement?<\/b><\/h3>\n\n\n\n<p>No that should not be necessary because processing and sub-processing\u00a0<a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2017\/12\/Personuppgiftsbitradesavtal-PUBA-Oderland-v1.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">DPA (Data Processing Agreement)<\/a>\u00a0is integrated in our\u00a0<a href=\"https:\/\/www.oderland.se\/om\/anvandaravtal\/\" target=\"_blank\" rel=\"noreferrer noopener\">General\u00a0<strong>Terms of Service<\/strong>\u00a0(TOS)<\/a>\u00a0in \u00a712. This DPA is designed to cover the extent of responsibility we can take for our clients in a standard hosting service.<\/p>\n\n\n\n<p>Also, our experience is that clients with their own DPA have far-stretching demands on how to handle specific data they store in what we see as unstructured data in our services. Since much of the security on how this data is stored and accessed is outside of our control signing such a DPA as a general hosting company would not be feasible. You will have to use our documentation above and make your assessment and case that you meet the requirements of the GDPR law.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>How<\/b><b>&nbsp;do I&nbsp;<\/b><b>sign<\/b><b>&nbsp;the&nbsp;<\/b><b>agreement<\/b><b>?&nbsp;<\/b><\/h3>\n\n\n\n<p>The <a rel=\"noreferrer noopener\" href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2017\/12\/Personuppgiftsbitradesavtal-PUBA-Oderland-v1.pdf\" target=\"_blank\">DPA (Data Processing Agreement)<\/a> is integrated into our <a rel=\"noreferrer noopener\" href=\"https:\/\/www.oderland.se\/om\/anvandaravtal\/\" target=\"_blank\">General&nbsp;<strong>Terms of Service<\/strong>&nbsp;(TOS)<\/a>&nbsp;in \u00a713 and is accepted simultaneously as you accepted the TOS.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Can&nbsp;I&nbsp;give&nbsp;you&nbsp;instructions&nbsp;as a&nbsp;client?&nbsp;<\/b><\/h3>\n\n\n\n<p>Yes, you have the legal right to demand we use your instructions instead of our&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2017\/12\/Bilaga-1-Instruktioner-om-hantering-av-Personuppgifter-v1.pdf\" target=\"_blank\">preprinted instructions<\/a>, that we have developed, as an attachment to the&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2017\/12\/Personuppgiftsbitradesavtal-PUBA-Oderland-v1.pdf\" target=\"_blank\">DPA<\/a>. However, our instructions usually cover the needs of our clients to comply with the GDPR. Yet again extra instructions on the specific processing of personal information in your application hosted in our services are probably impossible for us to guarantee and most likely we cant offer the service you need. You are free to send your instructions you wish we honor to&nbsp;<a href=\"mailto:support@oderland.se\" data-type=\"mailto\" data-id=\"mailto:support@oderland.se\" target=\"_blank\" rel=\"noreferrer noopener\">support@oderland.se<\/a>. If the instructions need to be reviewed by lawyers, Oderland will be entitled to compensation for this. However, we will ask the client first before sending them for review.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>How<\/b><b>&nbsp;do&nbsp;<\/b><b>you<\/b><b>&nbsp;<\/b><b>handle<\/b><b>&nbsp;logs, broken hard drives and backups?&nbsp;<\/b><\/h3>\n\n\n\n<p>Server logs for access, errors and firewall are automatically deleted after three months. We have&nbsp;confidentiality agreement&nbsp;that cover hard drives that need to be returned to suppliers and we also write over the data on the disk before it is shipped. Backups is retained for three months, in order to be able to proceed with our agreement with a customer, and then automatically deleted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How&nbsp;is&nbsp;visitor&nbsp;statistics&nbsp;processed?<\/h3>\n\n\n\n<p>In&nbsp;our&nbsp;web&nbsp;hosting&nbsp;services,&nbsp;visitor&nbsp;statistics&nbsp;automatically&nbsp;store&nbsp;through&nbsp;functions&nbsp;in the&nbsp;cPanel.&nbsp;Some&nbsp;statistics&nbsp;are&nbsp;stored&nbsp;for a&nbsp;day&nbsp;and one other part,&nbsp;in a&nbsp;more&nbsp;anonymous&nbsp;form, is&nbsp;stored&nbsp;long term&nbsp;through&nbsp;AWstats.<br>Please&nbsp;note&nbsp;that&nbsp;you&nbsp;may&nbsp;need&nbsp;to&nbsp;inform&nbsp;your&nbsp;visitors&nbsp;about&nbsp;this. For&nbsp;more&nbsp;information regarding this, please refer&nbsp;to the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.imy.se\/en\/\" target=\"_blank\">The Swedish Authority for Privacy Protection (IMY)<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Can I store&nbsp;any&nbsp;kind of personal information in your services?<\/h3>\n\n\n\n<p>We have done our best to meet the demands GDPR has put on us. You can read about this in our agreement&nbsp;that&nbsp;you will find at the bottom of this article as an attachment. What you choose to store in our services and how you store it is difficult&nbsp;for us&nbsp;to control, we only provide the platform that is GDPR-adapted.<\/p>\n\n\n\n<p>It is still possible to store personal data incorrectly in our platform despite this. If you are unsure of&nbsp;the requirements&nbsp;for you&nbsp;and how to meet them in our services, we recommend that you contact the&nbsp;Data&nbsp;Inspectorate or lawyers who specialize in your industry. For example review our agreements and provide&nbsp;your&nbsp;with&nbsp;supplementary attachment with instructions,&nbsp;if this would be necessary.<br><b><\/b><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>How should I handle the storage of email?<\/b><\/h3>\n\n\n\n<p>Your&nbsp;email often&nbsp;contains&nbsp;personal information and should therefore also be treated in the same way as other personal information you store in our services. IMY <a rel=\"noreferrer noopener\" href=\"https:\/\/www.imy.se\/verksamhet\/dataskydd\/det-har-galler-enligt-gdpr\/informationssakerhet\/personuppgifter-i-e-post\/\" target=\"_blank\">has a good guide here on how to&nbsp;reason&nbsp;around this<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>How&nbsp;can&nbsp;I&nbsp;follow&nbsp;GDPR in&nbsp;WordPress?&nbsp;<\/b><\/h3>\n\n\n\n<p>Here are some layman low hanging GDPR fruits regarding WordPress:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a&nbsp;<strong>hosting company<\/strong>&nbsp;with a Policy and DPA for handling personal data in accordance with GDPR. Like Oderland!<\/li>\n\n\n\n<li>WordPress includes a draft for a&nbsp;<strong>Privacy Policy<\/strong>&nbsp;you can complete in Pages and activate under Settings so it is displayed for visitors.<\/li>\n\n\n\n<li>WordPress has features to comply with the rights of the data subjects like&nbsp;<strong>exporting<\/strong>&nbsp;and&nbsp;<strong>deletion<\/strong>&nbsp;of personal information under Tools.<\/li>\n\n\n\n<li>Activate an&nbsp;<strong>SSL certificate<\/strong>&nbsp;for your site and make sure WordPress uses it.&nbsp;<\/li>\n\n\n\n<li>Install a<strong>&nbsp;cookie policy plugin<\/strong>&nbsp;to inform and get consent for tracking.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><b>How do I encrypt personal information?&nbsp;<\/b><\/h3>\n\n\n\n<p>Encrypting information may mean different things and you must judge for yourself how you can use the technical capabilities our services offer to best protect your customers personal information.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Encrypt the traffic to the page by enabling <a href=\"https:\/\/www.oderland.se\/support\/en\/artikel\/what-is-ssl-tls\/\" target=\"_blank\" rel=\"noopener noreferrer\">SSL\/TLS<\/a>.<\/li>\n\n\n\n<li>Get your customers and employees to use SSL\/TLS in their email clients when they connect to the email server. How to enable SSL\/TLS, please check the instructions for each email client. If you are using web mail, you only need to make sure that the page&#8217;s URL (web address) begins with <code>https:\/\/<\/code> and has a padlock in the address bar. At&nbsp;Oderland, the right ports to use with SSL\/TLS encrypted email traffic are: IMAP 993 | SMTP 465 | POP 995<\/li>\n\n\n\n<li>Consider encrypting your email&nbsp;further, with PGP for example. However, this can be technically difficult, and it might be easier to communicate with your customers&nbsp;through&nbsp;a CRM system they can login to on your site.<\/li>\n\n\n\n<li>We also support encryption in many other situations like SSH and SFTP.<\/li>\n\n\n\n<li>You can choose to use 2FA (Two-factor authentication) to login to the Client Area. You enable this through the security settings under your account, which allows you to use Google Authenticator (<a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.apps.authenticator2\" target=\"_blank\" rel=\"noopener noreferrer\">Android \/ iOS<\/a>) to sign in. Do you combine this by consistently using the direct login from the Client Area to cPanel and switching to a <a href=\"https:\/\/www.oderland.se\/support\/en\/artikel\/how-do-i-reset-the-password-for-cpanel\/#via-kundavdelningen\" target=\"_blank\" rel=\"noopener noreferrer\">secure password for the cPanel<\/a> that is never used again, you have a subset for 2FA for the cPanel.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><b>What<\/b><b>&nbsp;do I&nbsp;<\/b><b>need<\/b><b>&nbsp;to do&nbsp;<\/b><b>more<\/b><b>&nbsp;to&nbsp;<\/b><b>follow<\/b><b>&nbsp;GDPR?&nbsp;<\/b><\/h3>\n\n\n\n<p>Great,&nbsp;you&nbsp;use&nbsp;Oderland&nbsp;that&nbsp;complies&nbsp;with&nbsp;GDPR&nbsp;through&nbsp;our&nbsp;policy,&nbsp;DPA&nbsp;and&nbsp;instructions&nbsp;for&nbsp;managing&nbsp;personal information,&nbsp;but&nbsp;that&#8217;s&nbsp;only&nbsp;part&nbsp;of&nbsp;the&nbsp;answer.&nbsp;You&nbsp;also&nbsp;need&nbsp;to&nbsp;think&nbsp;of&nbsp;a lot of other things:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>That&nbsp;you&nbsp;review&nbsp;<a href=\"https:\/\/www.imy.se\/verksamhet\/dataskydd\/det-har-galler-enligt-gdpr\/grundlaggande-principer\/\" target=\"_blank\" rel=\"noreferrer noopener\">IMY&#8217;s&nbsp;Checklist&nbsp;<\/a>and read&nbsp;through&nbsp;the&nbsp;full&nbsp;summary&nbsp;of&nbsp;<a href=\"https:\/\/www.imy.se\/verksamhet\/dataskydd\/det-har-galler-enligt-gdpr\/grundlaggande-principer\/\" target=\"_blank\" rel=\"noreferrer noopener\">the&nbsp;basic&nbsp;principles&nbsp;of&nbsp;GDPR<\/a>.<\/li>\n\n\n\n<li>Update your&nbsp;agreements&nbsp;and&nbsp;policies.<\/li>\n\n\n\n<li>Update your&nbsp;routines&nbsp;and systems.<\/li>\n\n\n\n<li>&nbsp;Keep&nbsp;your&nbsp;customers&nbsp;informed&nbsp;and&nbsp;protect&nbsp;their&nbsp;personal information.<\/li>\n<\/ul>\n\n\n\n<p>Protecting&nbsp;personal information is a major&nbsp;issue&nbsp;and <a href=\"https:\/\/www.imy.se\/verksamhet\/dataskydd\/\" target=\"_blank\" rel=\"noreferrer noopener\">the&nbsp;Privacy&nbsp;Authority&nbsp;(formerly&nbsp;Data&nbsp;Inspection)<\/a> has an excellent site&nbsp;where&nbsp;you&nbsp;can&nbsp;find&nbsp;answers&nbsp;to&nbsp;most common questions&nbsp;regarding&nbsp;GDPR.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Can<\/b><b>&nbsp;I send<\/b><b>&nbsp;<\/b><b>my questions about GDPR<\/b><b>&nbsp;<\/b><b>to&nbsp;<\/b><b>Oderland<\/b><b>?&nbsp;<\/b><\/h3>\n\n\n\n<p>For&nbsp;questions&nbsp;concerning&nbsp;Oderland&#8217;s&nbsp;processing&nbsp;of&nbsp;personal data and adaptation to GDPR,&nbsp;please&nbsp;contact&nbsp;us&nbsp;at&nbsp;<a href=\"mailto:support@oderland.se\">support@oderland.se<\/a>, and&nbsp;we&nbsp;will&nbsp;answer&nbsp;your questions.&nbsp;These types of questions&nbsp;are&nbsp;better to discuss through email than over the phone, as it is sometimes&nbsp;necessary&nbsp;for us to go through our&nbsp;agreements&nbsp;and&nbsp;research the Data&nbsp;Inspections&nbsp;website to be able to give you the best&nbsp;answer possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The law regulating the processing of personal information is called&nbsp;&nbsp;GDPR&nbsp;(General Data Protection Regulation). We follow this law and in this support article, we summarize frequently asked questions and make available links to relevant documentation and terms. If you have further questions we accept these via mail to support@oderland.se Documents &nbsp;Is&nbsp;Oderland&#8230;<\/p>\n","protected":false},"author":12,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"ht-kb-category":[193],"ht-kb-tag":[],"class_list":["post-4872","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-invoicing-and-billing"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb\/4872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/comments?post=4872"}],"version-history":[{"count":34,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb\/4872\/revisions"}],"predecessor-version":[{"id":23214,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb\/4872\/revisions\/23214"}],"wp:attachment":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/media?parent=4872"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb-category?post=4872"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb-tag?post=4872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}