Processing Activity Record¶
| Category | Subject | Information |
|---|---|---|
| Data Controller | Authority /Name of company,Reg. and contact information (address, website, phone-number and email) | Organization: Girafs Venner Address: Selma Lagerløfs vej 300, 9220 Aalborg Øst Phone: 40 89 21 56 E-mail: "Ulrik Nyman" ulrik@cs.aau.dk CVR: 40519025 |
| The common data controller as well his contact information (address, website, phone-number and email) | ||
| The data controller's representationand his contact info(address, website, phone-number and email) (Public authorities are not covered by Article 27 PCS. 2 (b) | ||
| Authority / corporate data protection consultantas well as his/her contact information (address, website, phone-number and email) | Not assigned. | |
| Purpose(s) | Treatment or treatment purpose(a unified, logical consistent purpose of the treatment or a variety of treatments actions, indicated herein as one purpose out of all combined purpose of the data controller) | The purpose of the treatment of personal information, is solely to provide a communication tool for the autistic children and the guardians of an institution. The processing of information is related to being able to personalize the interaction with the system for the individual child, by means of having a system user. |
| The categories of registrants and the categories of personal data | Category of registrants people (e.g. citizen / customers, party representatives current or former employees, other companies companies, other authorities etc. | Citizens: the children with autism enrolled in an institution. Guardians: the guardians at the institution, such as caretaker or teacher. Department: is the role of a manager, administrating guardians in a department. SuperUser: an administrator ensuring maintenance of the system. |
| Information that is being processed about the registered persons (check and describe the types of clearances covered by action activities) | Information included in the specific treatment. Describe: | |
| ☑ Identifying information | ||
| ☐ Information concerning the employment relationship to need administration, including position and service nesting place, pay ratio, information of relevance for payroll deduction, staff papers, educational illness and absenteeism. | ||
| ☐ Race or ethnic origin | ||
| ☐ Political, religious or philosophical conviction | ||
| ☐ Trade unionism affiliation | ||
| ☐ Health information including genetic data | ||
| ☐ Biometric data with for identification purposes | ||
| ☐ Sexual relationships or sexual orientation | ||
| ☐ Criminal conditions | ||
| The recipients of the personal information | Categories of recipientsfor which information is or will be passed to, including those in third party countries and international organizations (for example, other authorities,companies, citizens / customers, etc.) | None. |
| Third party countries and international organizations | Information on the transfer of personal data for third party countries or international organizations (for example, data processor location in third countries, data processors use of cloud solutions located in third countries) | None. |
| Deletion | Time of deletion of information (the expected deadlines for deleting the various categories of information) | Personal information is to be deleted 1 year after the user is declared inactive, which, depending on the institution, could be either an active choice made by the institution or as a result of not using the system for the amount of time. |
| Technical and organizational precautionary security measures | General description of technical and organizational security measures (if possible, give a general description of the technical happen and organizational security emergency measures, cf. article 32, par. 1) | The risk assessment can be found in the Risk Assessment Document |
Last update: December 12, 2023