Parantion is officieel gecertificeerd voor ISO:27001 en NEN:7510

Parantion is in possession of an ISO: 27001 and NEN: 7510 certificate. With this, Parantion and its tools meet the highest standards in the field of information security. The measures taken in the context of the ISO and NEN certification relate to the following sub-areas: Organization of information security, safe personnel, management of assets, access security, cryptography, physical security, environmental security, business security, communication security, maintenance and development of information systems, supplier relationships, management of security incidents, business continuity and compliance. Parantion obviously works with processor agreements and has the duty as processor to work safely with your information.

Your data is kept during the license period and can be renewed every year. With the data on Dutch soil and the highest security requirements, our products are suitable for any organization that considers it important that the data is safe. Your data is not made available for commercial purposes as opposed to the so-called ‘free tools’.

AVG – General Data Protection Regulation

The General Data Protection Regulation (GDPR) is the same, namely the Dutch translation of, as AVG (general data protection regulation). It is the new European law that will take effect on 25 May. And that this is even more clear and strict in what is and is not allowed is clear.

The AVG aims to ensure that companies and institutions handle data safely and in particular personal data. A personal data is any information about an identified or identifiable natural person. This means that information goes directly over someone or can be traced back to this person. When you do research or send a questionnaire, you quickly come into contact with personal data. For example, a name of the filler and the personal e-mail address when sending the survey. But the data that you collect in relation to this data also becomes personal. That is why it is very important that you know that you do research with firstly a safe tool and secondly a tool that does not do anything with your collected data. After all, it is your data.

Parantion worked hard to comply with the new legislation. The goal is to work with you to ensure the safe processing of data.

The new privacy law in 17 points
ICT law consultancy has summarized the new legislation in a number of handy and readable documents. Parantion has summarized these for you in 17 points:

  • Data such as IP addresses and cookies also fall under personal data. Even if you do not know how the person is called
  • The data processor is obliged to indicate exactly what is stored and why. It is also mandatory to assign people to their rights, such as the right to view or delete data
  • All data leaks must be registered. Also you do not have to report to authorities
  • All processing with data must be registered. Even a newsletter, for example, must specify which personal data will be processed.
  • The processor must, with all its suppliers that process data (ie all organizations that work with Parantion, also have such an agreement) conclude a processing agreement where exactly how the data is handled.
  • Fines for violation go from 800,000 Euros to a maximum of 20 million Euros
  • The processor must appoint a Data Protection Officer (FG) also called privacy officer
  • If there are potential risks to the processing of the data, a Privacy Impact Analysis must be performed. You may only process data after this PIA has been executed
  • You must keep as little privacy sensitive data as possible and actively delete what you no longer use
  • Privacy by default is the standard. You should therefore always have privacy protection as a basic attitude
  • Data must be stored optimally safely. Two factor authentication and encryption is mandatory. That is why Parantion develops a special App for this
  • You must be able to comply within a month with the request to have data entered or removed
  • Data must be able to be downloaded by the customer
  • Saving data on foreign servers must meet extra stringent standards and the country must be approved by the EU
  • If you create interest profiles (for example on the basis of cookies), you must be transparent in how you do this
  • For biometric data such as fingerprints or iris scans even stricter rules apply

Privacy Statement

Parantion is very careful with your personal information. ‘Privacy by default’ is our starting point. In addition, we take appropriate measures to process your data safely.

Parantion has opted for a layered privacy statement, in which we explain for each category which data we collect, with what basis we do this and for how long we store this data.

Parantion never sells or transfers data to third parties for commercial purposes. However, in the context of quality improvement, announcements of new products and functions, we can use your e-mail, telephone or address information to inform you. Of course you can always unsubscribe.

Parantion generally processes data on behalf of an organization. In most cases you use our services through a license that such an organization has purchased.

We process a number of data for the execution of our agreement. We register the details of the company and our contact person. Documents that are part of our relationship such as agreements, invoices are kept for at least 7 years.

The data in our tools is entirely your property. We only carry out processing in accordance with the agreements in the processor agreement. After the conclusion of our agreement we make agreements about the return and destruction of the data.

Every user has the right to view, correct and delete his data. You also have the right to limit and resist data processing.

You can also submit your request or question via the controller. A so-called processor agreement has also been concluded with this organization, which describes exactly what data Parantion stores, with what purpose and the storage period of the data. For helpdesk or quality purposes, an employee of Parantion can view your account. The systems are tracked if your data is viewed by employees of Parantion.

We process data such as your IP address in our log files. This is necessary for the correct operation of the tool and traceability during incidents. These log files are saved for 3 months.

If you yourself have a license agreement with Parantion for the use of our systems, you yourself are the controller and a separate license agreement, end user agreement and processor agreement has been concluded with you.

Cookies are used for the best possible effect of this website. When visiting our website we ask you permission for the use of these cookies. This allows us to monitor and optimize the use of our website. For this we use Google Analytics. Cookies from, for example, Google are placed via our website. The information that is obtained with this, Google analyzes for us. The information is anonymous, we can not trace personal data.

We have a processor agreement with Google. It states that they may not share your information with others or other Google services. Google is an American company. The collected information is stored on US servers. Google conforms to EU-US Privacy Shield principles.

If you have doubts about the security or confidentiality of your data, we would like to hear that. Also if you suspect abuse or otherwise suspect that something is not in order, please mail to security@parantion.nl.

Documents

For the security of your and our data we have determined a number of agreements that apply when you use our products. Below you can read this:

Algemene voorwaarden

End-user License Agreement (EULA) 

Privacy Statement

Verwerkersovereenkomst

Verklaring van Toepasselijkheid ISO:27001

Verklaring van Toepasselijkheid NEN:7510