The security policy aims to design, implement, guide, monitor and manage security over an organization’s data. The main objective is to secure and protect logical data stored, consumed, and managed by an organization. This data can be stored within the organization’s core infrastructure, at an offsite location or in an online / cloud service.

The new GDPR regulation puts individuals first, believing they should be protected and empowered. Companies big and small shall be more accountable for their actions.

 

 

  • The goal of the data protection policy

 

The goal of the data protection policy is to depict the legal data protection aspects in one summarising document. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) but also to provide proof of compliance.

The key objective of the data protection policy is to ensure the security and integrity of data at rest and in motion. The data protection policy will be designed to ensure security across all data storage / consuming locations.

 

Data Protection Policy at Rainmaking Loft Berlin UG t/a The Place

 

  • Preamble

 

The Rainmaking Loft Berlin UG t/a The Place has always complied with the data protection laws since the business registration date in late October 2013. As the GDPR laws are to be released on May 25th, 2018, we took this opportunity to publish our security policy again and to share the full transparency of our business with the public.

According to the GDPR standards, the policies, terms and conditions and the formal communication channels need to be:

  • Unambiguous: the subscriber easily understands what they are subscribing to and from whom
  • Convincing: it’s reassuring to see a promise that data will be kept safe and won’t be given to third parties.
  • Privacy policy and other data security documents can be easily found and viewed
  • Clarity: no complex language or euphemisms

Furthermore, personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’).

The Rainmaking Loft Berlin UG t/a The Place assures that we adhere to the above-mentioned principles, and this can be proven throughout this document in the following sections.

 

 

  • Six legal grounds according to the GDPR

 

The General Data Protection Regulation includes six legal grounds for processing and using personal data.

Those grounds are as follows:

  1. Opt-in consent: The customer permits you to contact them, or invites you to do so.
  2. Contractual requirement: The business must process the customer’s personal data (their email address/contact info) to fulfill a contract.
  3. Legal Compliance: The business needs to process the customer’s data for reasons of legal compliance.
  4. Best Interest: The business must process the customer’s data to protect the best interests of the data subject (or the best interests of someone else).
  5. Public Interest: Data processing is essential in the interests of the public.
  6. Legitimate Interest: The GDPR regulation states, “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

 

The Rainmaking Loft Berlin UG t/a The Place acts upon these six legal grounds as follows:

  1. Opt-in consent
  2. Contractual requirement
  3. Legal Compliance
  4. Best Interest
  5. Public Interest
  6. Legitimate Interest

It is in our own best interest to allow our customers to easily get in touch with us regarding any matter. In addition, we process the customer’s personal data legitimately to protect the best interests and well-being of the data subject as well as the public. We embrace the law and comply with it regarding the use of personal data for direct marketing purposes, which is to be carried out in an appropriate, genuine, justifiable and reliable way in the interest of any party.

Therefore, our practices have been compliant since the very beginning and are re-affirmed from now on as stated below:

  • We guarantee that we don’t sell and don’t reuse our contacts’ data. We only store it for spreading information and invoicing purposes.
  • All contacts (name, surname and email addresses) are stored in our company software, Teamleader, which is password protected and accessible by team members only. Any former employee is removed as soon as she/he leaves the company.
  • The 3 sources we gather data from are:

Event: all event clients’ email addresses, as well as their respective company data, are stored in our company software, which is password protected and available to team members only. We store those contacts only for information and communication shared within the team as well as invoicing purposes. This data is never used for direct marketing purposes.

Coworking: all members (i.e. our customers) of our coworking space (i.e. renting a desk and having signed a contract). We store those contacts only for information and communication shared within the team as well as invoicing purposes and official communication channels (done via email in our “Weekly Updates”). This data is never to be used for direct marketing purposes but for informative intent.

Personal Network & Contacts: This group is made up of people who manifest an interest in and/or want to be part of our community. Those contacts are collected by employees at external and/or internal events or during our community events, etc.

a- The contacts are acquired individually and personally after expressing genuine interest

b- Additionally, from now on every single person we meet who wants to be added to our database shall be contacted via email with a specific form so that we can have written consent to do so.

c- If the contacts then wish (after having given us the right to use their data) to be removed from our contact list or newsletters, they will have the opportunity to do so as it will be stated very clearly and prominently in our External Newsletter that anyone at any time can unsubscribe from it.

 

  • Data Breach Response (CIRP)

 

In case of a data breach, we affirm that the situation is to be fixed within 72 hours.

As we are constantly using our database, we would be able to notice a data breach immediately and take the appropriate actions to counter and arrest the attack, namely:

  • Communicate to all affected clients & employees
  • Change the password
  • Track the unusual traffic or activities performed on our platform
  • Contact the corresponding professional to deal with the breach (e.g. lawyer, cybersecurity company)

 

Security policy

We, the Rainmaking Loft Berlin UG t/a The Place, commit ourselves to the highest data protection principles. We will strive to continuously improve ourselves and our data management system by training, learning and implementing new and better practices.

Each employee will sign our Data Protection Agreement and will then be accountable for it.

 

Annex: The platforms in use

 

a- Platforms in operation for individualized communication purposes

  • MailChimp: to send weekly internal updates & external newsletter → their data protection policy here!
  • Teamleader: our internal CRM, project management and invoicing software → their data protection policy here!
  • Google: internal email addresses + usage of the G Suite → their data protection policy here!
  • Slack: internal communication platform & chat → their data protection policy here!
  • Eventbrite: a platform where we post our public events → their data protection policy here!

 

b- Current communication channels not using followers’ data:

  • Instagram: social media platform where we post pictures & videos → their data protection policy here!
  • Facebook: social media platform where we post information, events, pictures & videos → their data protection policy here!
  • Twitter: social media platform where we post current activities, trendy topics, pictures & videos → their data protection policy here!
  • LinkedIn: social media platform where we post information, articles, updates, pictures & videos → their data protection policy here!

 

Notice:

Please note that you can unsubscribe from our newsletter at any time. To do so please click here.