As a customer to Barium AB you can use Barium Live as a platform to collect, store and process all types of data, including including PII:s (Personal Identifiable Information). As the customer you are the controller of the data and Barium AB is the processor that help you achieve your goals.
Barium AB have a responsibility to provide technical and organisational security measures necessary to protect all customers data. Bariums security measurements are audited and certified according to the standard ISO/IEC 27001:2013.
If you want more detailed information how Barium work securing your data please download our White Papers.
But to give you a headstart we have put together a short FAQ regarding GDPR.
Where is the data in Barium Live physically stored?
In Sweden. All data is stored in security classed server halls in Sweden
Can I as a customer erase data from Barium Live?
Yes, you as a customer have full control over your data when and how your data should be erased.
Can I as a customer search for PII:s that I have stored in Baum Live?
Yes, you can look up any type of data you own (including PII:s) and show/save the result a list. And ofcourse can you choose who of your users in Barium Live that will have access to these lists.
Can I as a customer export personal identification data (PID) to portable digital format?
Yes, you have the possibility to create lists containing the data you want to export. The list can then be exported to an excel file.
We also have the possibility to export information via our API.
Is it possible to redact PII:s (and other data) when I as an customer don't have use for it anymore.
Yes. The redaction functionality in Barium Live can be configured in several ways. For example it can be set to delete selected PII:s 30 days after some tasks have been performed. This way you will still save important metrics about the performed tasks.
Can I select who of my users in Barium Live that can see what type of information?
You can use confidential data fields, and based on the role a certain user have in the system he/she will be allowed access to the data.
Can I as a customer collect information from data subjects based on consents and logg these consents in Barium Live?
Yes, you can create process applications within Barium Live based on consent. You will be able to log those consents within the system.
Does Barium Live transfer data outside the border of EU?
No, By default we do not transfer any data you have stored in Barium Live.
In some situations Barium Live need to send notifications to certain types of users in the system. In these cases the users email address will be used and transferred via an email queue service provider located outside EU.
As a customer you can chose to configure Barium Live to send data with e-mails out from Barium Live. In this case PII:s (email address + other information you attach to the mail) will be sent (encrypted) via an email queue service provider located outside EU.
As a customer you can also chose to export PII:s from Barium Live and add them to a support ticket. In this case the data will be transferred outside EU to be processed in our support ticket management system.
In all the cases when data is transferred outside EU Barium only uses subcontractors that can show compliance to EU-U.S. Privacy Shield Framework.
What is the Privacy Shield Framework.
Privacy Shield is an agreement between EU and USA regarding protection of PII:s that was made in the year of 2016. The agreement means that it is allowed to send PII:s to recipients in USA that have joined the Privacy Shield Framework. In other words, recipients enclosed by Privacy Shield are considered to meet an adequate level of security regarding data protection. (also see GDPR article 45)