Legal policies and Data
Our main goal in handling data is to ensure transparency, clarity and accountability for everyone involved. We must comply with (
.) We have outlined the most important parts below.How do we approach data and use or process it?
User groups, permissions and risk management
We have identified four major user groups and associated roles. As we do not yet have any functionality for externals, this group has yet to be further defined.
Roles
Who
Role
Function
GDPR
Measures
User
Data Supplier
Users that enter or upload their CO2 data.
Data Controller
General terms and conditions, Privacy agreement
StudioAvw, MVRDV
Data Processor
Organizations that analyze or combine data into a hollistic picture.
Data Processor
Data processing agreement, Non-disclosure agreement
StudioAvw
Administrator
Plaform management and supervision of functionality, quality, security and rights.
(Partial) Data Processor
Data processing agreement, logging, DPIA, security, authorisationmanagement
Externals
Externals
Stakeholders with read rights to certain datasets (Optional).
There are no rows in this table
Based on the above set of roles a set of permissions is provided ranging from full access to partial access, opt-in and no access policies as outlined below. This list functions as a global overview providing the most common data types.
Permissions
Type of data
Data Supplier
Data Processor
Administrator
Externals
CO2 data
👁️ own data or shared data
🔒 opt-in
👁️
❌ / 🔒 opt-in
User data (name, email, company name)
👁️ own data or shared data
🔒 opt-in
👁️
❌ / 🔒 opt-in
Carbon Dashboard
👁️
🔒 opt-in
👁️
👁️ / 🔒 opt-in
Project data
👁️
🔒 opt-in
👁️
👁️ / 🔒 opt-in
System access
❌
❌
👁️
❌
There are no rows in this table
Although we do our best do ensure data is kept within the above framework we may not be able to fully provide the safety of your data. Please see our measures below.
Risk management
Risk
Likelyhood
Severity
Risk Level
Measures
Unauthorised access
Unlikely
Significant
Medium
Encryption, 2FA, accessmanagement, logging, backups
Accidental sharing of data
Unlikely
Significant
Medium
Rights structure, contractual agreements
Data leak at system administrator
Possible
Significant
High
Reporting procedures, limiting risk
Lack of transparency towards stakeholders
Likely
Moderate
Medium
Transparency statement, right of inspection
There are no rows in this table
Want to print your doc?
This is not the way.
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.