Compliance with GDPR

The EU General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union effective from May 25, 2018. It replaced the previous Personal Data Act (PuL) and applies to all organizations handling EU citizens’ personal data, regardless of their location.

We at TRUE are committed to compliance with GDPR, both as a data processor and, in some cases, as a data controller. Our handling of personal data follows the principles of lawfulness, fairness, transparency, and security. Our Terms & Conditions outline the responsibilities of Issuers, Recipients, and TRUE in ensuring compliance.

Processing of Personal Data

Legal Basis for Processing

TRUE processes personal data based on the following legal grounds:

• Contractual necessity: To provide our services and fulfill agreements with Issuers and Recipients.
• Legitimate interest: To maintain the integrity, security, and functionality of our platform.
• Legal obligation: Compliance with regulations, including those for certification and accreditation bodies.

Responsibilities of TRUE, Issuers, and Recipients

• Issuers (Our Customers): The organizations that issue documents via TRUE are the data controllers for personal data contained in those documents. They are responsible for ensuring GDPR compliance when submitting personal data.
• Recipients (End Users): The individuals receiving documents. Recipients must accept GDPR and our Terms & Conditions before a document is published.
• TRUE: Acts as a data processor on behalf of Issuers and as a controller for certain personal data, such as customer account details.

Security and Privacy Controls

• Transparency: We do not sell personal data to third parties.
• Access Controls: Recipients can hide any document behind a password when they receive it or at any time after, by changing their privacy settings using the email address to which the document was first sent.
• Retention Policy: Personal data is stored only as long as necessary, in accordance with applicable regulations.
• Processing Location: All personal data is processed within the EU/EEA.

Exercising Data Subject Rights

Under GDPR, individuals have the right to:

• Access personal data (Request a register extract)
• Correct inaccuracies (Rectification right)
• Delete data (Right to be forgotten)
• Restrict processing (Under certain conditions)
• Portability (Transfer data to another provider)
• Object to processing (e.g., for direct marketing)

How to Exercise These Rights:

1. Recipients should first contact the Issuer (the organization that issued the document).
2. If the Issuer cannot resolve the request, Recipients can contact TRUE support.

Contact & Complaints

If you have questions about GDPR compliance, please contact us at:
True Value Software AB, Eriksbergsgatan 3, 114 30 Stockholm, Sweden, or email our support.

You also have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten).

The latest version of this policy will always be available on our website.

Read more about Data Security: https://trueoriginal.com/true-data-security/