Personal data policy

Personal data policy

Personal data

We need to collect and treat some personal data so different companies can take advantage of our services. We process data on different companies communication metadata such as telephone number, chat, email (social media). We register the time when for example a telephone call comes to an exchange but we have no information about content. The purpose is for companies to ensure that they are available when their customers try to get in touch with them and so that the companies should be able to staff with right number of people at the right time.

Controls and compliance

Protection of personal data is included per default in every system. That means that protective mechanisms are implemented for all systems that treat personal data. Meridix measures only on phones that are connected to companies. We do not measure on private subscriptions.
We have safe data storage because we use Microsofts Azure as a cloud solution. Microsoft has more certifications than any other cloud provider and they lead the industry in establishing clear security and privacy requirements. Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), Iso 27001 and rigorous third-party audits, such as those done by the British Standards Institute, verify Azure´s adherence to the strict security controls these standards mandate. The advantage of using the cloud is the costs, speed, global scale, productivity, performance and the reliability.
Actions – Let our partners know in case certain telephone numbers can show and be connected to sensitive information.

The individual´s integrity and security

The person whose data is collected will be informed about what data is collected and how it will be used.

  • Go through databases to remove all data for non-active customers
  • Routine to not collect data longer it are required for the purpose
  • Do not handle more tasks that is required for the purpose, data minimization
  • Intern policy, no sensitive data on USB
  • Confidentiality agreement
  • Routines/templates for personal data incident
  • Data portability is possible

Requirements on supplier

Meridix is always a Sub-Data processor because we always treat personal data on someone else´s behalf. We make sure that we do not treat personal data unnecessarily, we have data protection as standard (privacy by default). If our customers have specific requirements we can include them in the agreement if we can support it technically. We write Sub-Data processor agreements with our customer about what personal data we treat and the purpose of this treatment.

Webpage: www.meridix.se
Email: support@meridix.se
Tel: +46 (0) 21 38 30 32