1. Help-Center
  2. Robin Data Software
  3. Top navigation: Data protection

Manage locations

Organisations have one or more sites with responsible employees. Personal data is exchanged between the sites within and outside the EU. These data flows must be recorded and legally secured.

Background

Larger organisations such as groups of companies, corporations, municipal administrations or social welfare organisations often consist of several locations between which personal data is transferred.

From a data protection perspective, it is important to ensure that the transfer between these locations is legally permissible. Data traffic is always legally permissible of personal data:

  • are transferred within the European Union,
  • transferred outside the European Union to third countries with an adequate level of protection

Data traffic is always legally impermissible if personal data:

  • are transferred outside the European Union to third countries without an adequate level of data protection.

In addition to the above criteria, there must also be a legal basis for the data processing. This can be recorded in the record of processing activities for each processing activity.

The European Commission decides which third countries meet adequate data protection requirements.

The organisation's locations are subject to different data protection-related restrictions, depending on their characteristics. The following issues play an important role in data protection for sites: 

  • Is a site located within the European Union?
  • Is a site located in a third country with an adequate level of data protection?
  • Is a site located in an unsecure third country and there are agreements in place there, such as the Standard Contractual Clauses, which nevertheless permit data transfer? 

How to proceed if a site is located in a third country is described in this Wiki article. How to transfer data to the USA in a legally compliant manner can be found in this Wiki article. 

Manage locations

  1. In the main menu click on Data protection: A dropdown menu will open. 
  2. In the dropdown menu click on Locations: The table view will open. 

 The general functionality of the table view is described in the article Using the table view.

locations_1

Click to enlarge image


In the table view you can see the overview of the already created locations. 

This video is currently only available in German.

Create locations

  1. In the main menu click on Data protection: A dropdown menu will open. 
  2. In the dropdown menu click on Locations: The table view will open. 
  3. Click on the button +Location: A quick start input mask opens in which the title and city can be recorded. 
    zwischenfenster-location-EN
  4. Fill out the fields of the quick start input mask.
  5. Click on Edit: An empty input mask will open. 
  6. Fill out the input mask.
  7. Click on Save: The location has been created and will appear in the table view.

Note

If you select Without edit in the quick start window, the location will be saved in the table view without any further details, and can be edited at a later time. 

Data areas of the input mask

locations_5

Click to enlarge image

 

The left panel has the following data areas:

Data area: Specification

This data area has the following form fields:

  • Title (mandatory field): Enter the title of the location. The title will be displayed in other form fields if you need to assign records to locations. This is the case, for example, when creating the list of processing activities.
  • Legal form: Enter the legal form of the site. If sites are part of a larger organisation, e.g., a corporate group, they are often separate companies organised as a separate legal form, such as that of a GmbH or AG. At this point you can select the respective legal form.
  • Headquarters (mandatory field): Indicate whether the registered location is the company's headquarters.  It is relevant under data protection law whether the main location is located within the EU. If this is not the case, according to Article 27 GDPR, a controller for this location with headquarters within the EU must be named. Ideally, this is also reported to the competent supervisory authorities and at least named in the privacy policy on the company's website. Within Robin Data, the controller is to be created as a person.
  • Country (mandatory field): Specify in which country the site is located. For data protection reasons, it is important to know to which countries personal data is transferred. If personal data is transferred outside the EU, this transfer may need to be secured by special contracts.
    locations_3
  • Responsible persons: Select a person who is the responsible person for this site. For example, this can be an executive director, office manager, plant manager, or facility manager. To select a person from the list, you must first create the person.
  • Representative within the EU: If the main site is located outside the European Union, a responsible person for this site with headquarters within the EU must be named in accordance with Article 27 GDPR (see also "Main site"). This can in principle be any person in your organisation, but is ideally a person with a management function. To be able to select a person from the list, you must first create this person.
  • Type (mandatory field): From a data protection perspective, it is important to specify for each location whether it is a so-called public body or non-public body. Public bodies, at least in Germany, are subject not only to the general data protection regulations (GDPR, BDSG) but also to the data protection regulations of the individual federal states (state data protection law).
  • Supervisory authority: Select the responsible supervisory authority.

Data area: Address

This data area has the following form fields:

  • Street, house number: Enter the street and house number of the location.
  • Postcode: Enter the postal code of the location.
  • City: Enter the city of the location.

Data area: Contact information

This data area has the following form fields:

  • Phone: Enter the general phone number of the location (e.g. the receptionist)
  • Fax: Enter the general fax number of the location (e.g. the mailroom)
  • Email: Enter the location's general email address (eg. info@examplelocation.com)
  • Website: Enter the location's or the overall organisation's website

The right panel has the following data areas: 

  • Status Tab: In this tab it is possible to manage the status of a document and to add notes about the location.
  • Activity Tab: In this tab all the activities linked to your record are displayed. To create an activity, click the Create Activity button in the upper right corner. This will open a new input form, see the Activities Manager article for a more detailed explanation.
  • Attachments tab: In this tab you can add related documents by clicking the Select File button.
  • External Links Tab: In this tab you can link related information using the Add external link button.

Data area: Status

This data area has the following form fields.

  • Notes: Your notes about this location.

The general use of the input masks with forms is explained in the article Input masks with forms.

Further questions? - We are here for you.

If you have any questions about the software, please contact our support team. You can reach us at support@robin-data.io.