Disclaimer - greenyard.group
gygroup_cover_banner

Privacy Notice for Company-Owned Devices and for End-User Owned Devices

The responsible for the processing of your Personal Data for Intune, the “Data Controller”, is Greenyard NV (“Greenyard” or the “Company”).

 

Greenyard has provided you with a Company-funded mobile device (“device” or “mobile device”) or has permitted you to install Greenyard applications and/or use or access Company networks on a device that you own. The use of your own mobile device to install Greenyard applications and/or use or access Company networks is never obliged and/or necessary for the performance of your tasks.

Greenyard will install Intune, a Mobile Device Management (MDM) application, on your device before you can use the device to access Greenyard e-mail, network services and data. 

The Personal Data collected by MDM is the following: First name, Last name, mobile number, business e-mail address, country of your mobile provider and a list of all corporate applications present on your device.If you have a Company-funded mobile device, MDM will also process the list of apps installed on your device and the version.

Legal basis of the processing - This installation of MDM and processing of your Personal Data is based on the legitimate interests of Greenyard to secure Company assets, the legal obligations of Greenyard (where applicable) and/or the performance of a contract between you and Greenyard.

Purpose of processing- MDM will monitor and audit your device to ensure that the device is compliant with Greenyard mobile security requirements. Greenyard does not track your use of the device, the content of applications and/or communications nor does it process any other Personal Data than the ones described above, such as pincodes or location data.

To ensure compliance with Greenyard mobile security requirements, Greenyard may automatically change the configuration of the mobile device, which may change or limit the functionality of the device. This can entail, for example, obligating the use of a pincode or a biometric access code and restricting access to Greenyard applications and networks in the event the pincode or biometric access code of the device is expired. Greenyard may add, remove, or alter the security configuration that affects the device.

Should there be a security problem, you can be notified and possibly asked to remedy the problem (e.g. update the operating system) and/or you will be notified by e-mail of the problem and the actions which Greenyard has or will take.

WIPING OF THE DEVICE - Greenyard may remotely wipe the device, and circumstances requiring such action may include, a lost or stolen device, an employee leaving the Company (or a Contractor whose contract is expired or terminated) or a detected security risk. A wipe will only be conducted, when it follows from a documented assessment by Greenyard’s corporate GDPR Ambassador that Greenyard’s legitimate interests, such as securing company assets and trade secrets and preventing commercial and financial losses, override the negative impact that this wipe could or will have on the rights and interests of the employee/contractor. Greenyard will make a best effort attempt to selectively wipe the device to avoid removal of personal information.

If this fails a full remote wipe can be used that will permanently erase all corporate data stored on the mobile device, including but not limited to, e-mails, contacts, calendar postings, applications, ringtones and photos. The mobile device will then be reset back to factory default settings. Greenyard may remove corporate data and any network connection if the device is detected as being Rooted or Jailbroken.

To prevent unexpected data loss, to the extent possible, Greenyard will consult the employee/contractor before a wipe is conducted and, if feasible, offer him the possibility to safeguard his Personal Data. If such consultation/prevention cannot take place, either because the employee/contractor did not respond within the timeframe that was set forward by Greenyard for his response, or if - given the concrete circumstances - the security problem would not allow any such delay, the wipe will be conducted (taking into account the legitimate interest assessment and the best efforts strategy with regard to selective / full wipe).

Data storage - The data will be stored in the data repository which is located in Europe.

Recipients of personal data - The data can be viewed by administrators who have been granted permission to use the MDM system to secure the Greenyard mobile environment.

Retention period- Personal data will be retained as long as necessary to achieve the purpose for which it was collected and for any period thereafter as legally required or permitted by applicable law.

Rights - You may have the right to access, correct, restrict and request removal of your personal data by contacting at link to be included and the right to lodge a complaint with a supervisory authority. Greenyard uses industry-standard safeguards to protect your personal data.  Find out more in our Employee Privacy Notice at link to be included. Transfer - Greenyard may transfer personal data to certain Greenyard entities and third parties globally. Greenyard will transfer EEA personal data to these entities on the basis of adequacy decisions by the EU Commission, contractual fair processing terms, EU Standard Contractual Clauses and Binding Corporate Rules.

You confirm you have read and will abide by the following policies:

  • This Notice
  • Greenyard Employee Privacy Notice on the Greenyard Employee Portal
  • Greenyard IT Acceptable Use Policy
  • Greenyard Global Mobile Communications Policy
  • Greenyard Security Policy
  • Greenyard Code of Conduct Policy