Fundamental principles of the processing of personal data
Below are the basic principles that Unidata follows for the processing of your personal data.
Privacy by design and by default
“We put privacy and security on the same plane right from the design of our products and services”.
The system adopted to protect personal data must put the user first, thus making protection not just formal but also substantial. In other words, it is not enough that the system design is compliant with the standard if the user is not then protected.
Thus the principle of Privacy by Design assumes the following requirements:
– Prevention as an assessment of privacy issues right from the design stage;
– Security throughout the product or service cycle;
– Transparency of information;
– Centrality of the user / data subject.
According to the principle of Privacy by Default, personal data should be processed only to the extent necessary and sufficient for the intended purposes and for the period strictly necessary for these purposes. It is therefore necessary to design the data processing system ensuring that collected data are not excessive.
“We protect data against unauthorised access, misuse, disclosure or loss”
In accordance with the data security principle, the data controller has obligations that go beyond the custodian’s burdens and must provide adequate IT structures to minimise the risks of destruction, loss or unauthorised access to data.
Art. 32 of the GDPR states: “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.
Purpose of processing
“We collect and process data that is necessary and relevant in relation to the purpose of processing”
The purpose limitation principle states that the processing of personal data is legitimate when the data are not used for another purpose.
Data must be collected for specific, explicit and legitimate ends, and thus processed in a manner compatible with that purpose. Establishing the aims of processing and expressing them in communications to the party concerned helps the parties understand what is really necessary and what is superfluous.
Correctness of processing
The principle of correctness requires that processing be transparent to data subjects, i.e. data must be processed for specific and legitimate purposes, and without deception of any kind, such as providing confusing or partial information.
Data subjects must be informed about the purposes of the processing, the methods of processing and the address of the data controller, before data are processed. Processing methods must be explained in a comprehensible way so that data subjects are able to understand what will happen to their data.
Any hidden or secret processing must therefore be considered illegal. Data controllers and data processors must guarantee to data subjects that data will be processed legally and correctly and in such a way as to comply, as far as possible, with the will of the same data subjects.
Quality, relevance, accuracy and storage of data
“We manage necessary personal data, carefully and for the time needed”
The data quality principle requires that personal data be processed in compliance with certain requirements, in particular in relation to the relevance of the purpose of processing and the accuracy of the data.
The data relevance principle requires that data unnecessary in relation to the purpose for which they are collected and processed should not be processed.
If it is possible to use anonymised or pseudo-anonymised data to achieve the same objective, then the use of personal data should be avoided altogether.
The data accuracy principle requires that data processed should not only be correct, but also updated and, if wrong, rectified if necessary at the request of the data subject.
The data retention principle requires that personal data be stored in such a way as to allow the identification of data subjects for no longer than is necessary to achieve the purpose of processing. Once the purpose of processing has been achieved, the data should be deleted or anonymised.
Lawfulness of processing
“We collect and manage personal data in full compliance with the law, ensuring its disclosure only to authorised organisations”
The principle of lawfulness of personal data processing requires that personal data be processed in compliance with legal provisions, including those that regulate specific sectors.
The conditions of lawfulness require that processing:
– be compliant with the law;
– pursue a legitimate purpose;
– be necessary in a democratic society to pursue a legitimate aim.