Nonius GDPR compliance

Nonius is an integrator and manufacturer of software and networking appliances for the hospitality market, and the products Nonius supplies process and store data of many types. Nonius products are data processors, and Nonius’s customers are the controllers of that data. The controllers can decide which parties to give access to the data, but that is entirely a decision of our customer, the property owner.

That said, Nonius’ commitment to protecting user personal data and to the GDPR is:

1. Nonius has never shared and will not share personally identifiable information processed by Nonius products. Only customers, the entities that own Nonius products on premises or use Nonius cloud services, may share personal data captured by the Nonius products. However, Nonius actively assists its customers in achieving GDPR compliance by providing them with tools to implement services that are GDPR compliant. Nonius customers can decide what to do with the data and, with the tools provided, remain compliant.

2. Nonius uses some data to improve product and service efficiency and to better provide support to customers and end users. Nonius will continue to use such data in the legitimate interest of our clients and end users. Guest or hotel support call center agents have and will continue to have access to personal data, like the name of the client, for the sole purpose of assisting in troubleshooting problems and improving process efficiency.

3. Nonius will limit the collection and the transfer of personal data to the minimum required to perform the support tasks and improve systems efficiency. More specifically, the user personal data processed and stored by various Nonius products is used to simplify and improve the experience while staying at the hotel. The data they usually store is: room no., surname, email address, date of check-in/checkout, purchases made on TV and mobile app, MAC and IP addresses of the users’ devices, etc. Nonius limits the data that is processed to the data that is essential and relevant to the business process.

4. Nonius is constantly developing new products and acquiring companies that bring new products and services to the portfolio of the group. Nonius will endeavour to apply all the same rules to all products and commits to being transparent with our customers in case some of the products and services need further development for secure handling of personal data.

5. Nonius will adhere to GDPR requirements and will communicate data breaches to affected customers and end users in a timely manner. All on-premises and cloud-based products are exposed to threats and can be compromised, especially the systems that are exposed to the Internet, which is the majority of Nonius products. Nonius periodically tests all cloud servers and on-premises appliances for security vulnerabilities in order to prevent security failures.

6. Nonius keeps EU residents’ data stored within the EEA (European Economic Area). Nonius provides products that are for use on premises and some that are cloud-based. Nonius cloud-based products were built with data protection in mind, and their architecture limits to the minimum the amount of personal data that is transferred from any customer device to the Nonius Cloud. Nonius cloud-based products are configured to operate on servers based in the EU.

7. Nonius ensures that even the network management information and backups are stored only within the EEA. Nonius servers are organized in regional clusters, and storage is backed up for maximum reliability. Nonius guarantees that even in the case of backup for disaster recovery the data is still kept within the EEA.

8. Nonius, which sells to customers everywhere in the world, will endeavour to use GDPR as the foundation for data protection for all people across the world and not only for European residents.

Nonius aims to be fully GDPR compliant. This includes not only compliance of our products but also compliance of the company as a whole. Nonius has already implemented a consistent level of data protection and security in our products and will improve products and processes in line with the GDPR requirements.

Any GDPR-related questions can be addressed to the Nonius DPO (Data Protection Officer) at dpo@noniussoftware.com.