GDPR¶
What Is Done with Personal Data¶
Personal data is stored in Lime CRM as a way of identifying a user when logging in. Depending on the configuration, this could be on the Person or Coworker object for example.
Why Personal Data Is Needed¶
Email or personal number is required to identify a user when logging in. This to determine that the user has access to use Lime Portal.
What Personal Data¶
- Personal identity number
This can vary depending on the setup of the limetype used, since all data on the object is returned currently.
Transfer of Personal Data¶
When the user logs in, all of the data related to the limetype is transfered to Lime Portal. The portal does not persist any data, it is only saved to a temporary file and available for the duration that the user is logged in. Once the user logs out, the file is deleted.
When using BankID¶
When BankID is used to log in, Lime Gävles BankID service is used to communicate with BankID, acting like a middleman. Once a login request is started, all data provided by BankID is stored in Lime Gävles BankID service.
Logging of Personal Data¶
In case that an exception is thrown in Lime Portal, it is possible that some of the users personal data could be exposed to the log. This is entirely dependent on customizations in the portal.
Logs are stored a minimum of 14 days in Lime Portal. It works as such that the maximum amount of log files is 14, but if there are no log statements for one day that log-file is never created. Which means that the log-file created the day before, will be available for 15 days if logging is done every day going forward.
It is very unlikely that the log will be skipped for a day, so it is best to assume logs are stored for 14 days.
Possible Avoidance of Using Personal Data¶
No options as of now. Future versions will investigate the possibility to make this configurable, i.e. what data is returned to the portal.