FAQS - GDPR
Please refer to the Frequently Asked Questions (FAQs) below.
1. What personal data do we process?
The personal data we collect and process from you varies and depends on the service options you have selected. For a list of all personal data we may collect and process, please refer to our Privacy Statement located here.
For further information on GDPR, please also refer to our white paper, which can be located here.
2. How do we use your personal data?
We use your personal data to provide you with goods and services in accordance with the service agreements you have in place with us. For a further list of how we use your personal data, please refer to our Privacy Statement located here.
3. Does KYOCERA have a Data Protection Lead?
KYOCERA is committed to ensuring that its partners' and end users' data is processed in accordance with GDPR requirements. In order to meet the regulation's requirements, KYOCERA has set up a GDPR project team which consists of a Data Protection Lead and an Information Security Officer.
4. What responsibilities does the Data Protection Lead have?
The Data Protection Lead: (i) informs and advises KYOCERA and its employees about its obligations to comply with the General Data Protection Regulation (GDPR) and other data protection laws; (ii) is the first point of contact on data subject requests; and (iii) works with department managers and senior managers to ensure compliance with the GDPR and other data protection laws, including managing internal data protection activities, arranging internal staff training and support on data protection by coordinating with KYOCERA Head Office on all legal, data and compliance issues.
5. Do you have policies and procedures in place for detecting and dealing with breaches?
As a KYOCERA Group Company, KYOCERA has implemented a KYOCERA Group data breach notification procedure which sets out the procedure for handling a breach and the breach reporting procedure. This is available upon request to all KYOCERA business partners and customers.
6. Do you offer staff training on data protection?
Yes, we conduct in-house data protection training via an internal learning management system. The training is compulsory and monitored by our Learning and Development department, which ensures all applicable modules are completed within the set KYOCERA timelines.
7. How do you check that there has been no internal unauthorized access to personal data?
We use restricted access to data, secured personal login details, locks, security codes, passwords (these are changed frequently) and automatic system screen locks when not in use. In addition, we have various IT policies and processes in place to ensure your personal data is managed in a secure manner which is GDPR compliant. This includes our joiners and leavers policy, which ensures that access is revoked immediately for employees leaving KYOCERA.
KYOCERA is ISO27001 accredited and is able to provide copies of its policies and procedures on information security if this is required.
8. Do you have policies and procedures in place to report breaches?
We have policies and procedures in place which are provided to all our employees and set out the ways in which KYOCERA handles data breaches. For further details on our data breach policies and procedures, please contact our Data Protection Lead at firstname.lastname@example.org.
9. How do you destroy personal data?
We use a third-party data destruction company and ensure that all employees comply with the KYOCERA Data Retention Policy when handling and deleting personal data. All data in hard copies located within KYOCERA offices are shredded using secured shredding points, and soft copies are kept until they reach their maximum retention period and are then deleted. All hard disk drives are destroyed internally, but in some instances we use a third-party data destruction company.
10. Are any of your processing activities carried out by third parties (sub-processors)?
We share data with data hosting providers: Salesforce CRM hosting (US), SAP hosting (Germany), KFS hosting MS Azure (NL). Your personal data (e.g. name, email address and contact details) will be processed through our CRM system. Any other processing we conduct in order to deliver services to you will be covered under our service agreements and listed in a Data Processing Agreement where there is processing and/or where we use a sub-processor.
11. Who authorizes these processing activities?
Outsourcing of processing activities is ultimately the responsibility of the KYOCERA General Manager and/or KYOCERA Board, with advice taken from the Data Protection Lead.
12. How do you deal with subject data requests?
Where we act as a data controller, we will ensure we meet data subject requests as per the regulations. If you would like more information on data subject requests, please contact us at email@example.com.
13. How is data transferred?
Mostly via email, internally developed systems and/or secured external systems (e.g. CRM, SAP, Docuware and Evatic).
14. In what countries are those people to whom you disclose the information?
15. Where data is transferred outside the EEA, what measures are used to ensure compliance with the GDPR?
Where we transfer your personal data outside the EEA, to a so-called non-adequate country, we will issue and/or use a data processing agreement between ourselves and any sub-processors or joint-controllers, including the use of the European Commission’s approved Model Clauses, to ensure adequate security measures as well as ensure we fully comply with the requirements under GDPR and the applicable local laws.
16. What technical and organisational measures do you have in place to ensure adequate security of the data you process?
We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
KYOCERA is ISO27001 accredited with regard to information security – policies and procedures in relation to Information Security are available on request. KYOCERA’s personnel and sub-contractors are subject to a duty of confidence under their contracts.