Traka supplies Key Cabinets and intelligent Locker systems. These products keep keys & assets safe from unauthorised access, and allow only authorised users to remove and return the keys/assets they are entitled to. Traka systems give full accountability of who has (or had) which keys/assets and at what time and date.
This is usually managed by software that runs on either the Traka product and/or the client’s computer network. To achieve all this, the Traka products hold personal information in order to identify individual users as well as the keys/assets. Examples of this are the storage in the Traka products of names, email address, PIN/card numbers and other detailed personal information required by a Data Controller (any organisation using the Traka systems).
Please be aware that under General Data Protection Regulations (GDPR) any Data Controller “shall be responsible for, and be able to demonstrate, compliance with the principles of GDPR”. With regards to the personal data held on Traka products, the company or organisation that owns and operates the Traka system is the Data Controller as they are responsible for obtaining that data and for determining the purpose and legal grounds for which it is to be used.
Traka are happy to confirm that its products have the functionality & protection in place for an organisation to meet GDPR obligations including the fulfilment of the following rights to individuals (please note that to fulfil these requirements a process of using the software reporting process and/or exporting screen shots will be required):
to be informed how their personal data is being used
to access the personal data that is being held
to rectify if any of their personal data is inaccurate or incomplete
to erase and delete personal data
to restrict processing of their personal data
to obtain a copy of their personal data
to object to their personal data being processed
On this basis, operators of Traka systems are reminded that they must take into account their obligations and responsibilities under GDPR when carrying out the following:
Determining what personal data is to be held within the system and the legal grounds for doing so
Obtaining the personal data from individuals and inputting it to the system
Determining the appropriate access controls for the system and the data held on it
Defining who is able to process the personal data and putting in place the appropriate Data Processor Agreements
Understanding the requirements for, and implications of, sharing the personal data with other systems that are integrated to the Traka system
Removing/deleting/erasing personal data from the system (including any backup copies) and dealing with Subject Access Request or Data Breaches
For more information about GDPR in relation to Traka products and systems, please contact GDPR@traka.com