Qiy Trust Principles

Access

I shall have access to all my personal data and data that I generated by using online services or connected devices.

Transparency

I shall be able to easily gain insight in the use of my personal data and data that I generated by using online services or connected devices: Who is processing my personal data, for which purpose, how and under which agreements.

I shall also be able to monitor any past and present use of this data.

Control

I shall have control over personal data and data that I generated by using online services or connected devices. Within the limitations set by law:

• I can choose to share my personal data and data that I generated by using online services or connected devices,
• I have the right to terminate the processing of my personal data and data that I generated by using online services or connected devices, without undue delay, whenever I wish,
• I have the right to have my personal data and data that I generated by using online services or connected devices, deleted without undue delay, whenever I want.

Origin

I shall be enabled to share my personal data in such a way that its authenticity, content, source, currency, validity and integrity can be reliably established and verified.

This allows me not only to reuse my personal data, but also to share verified data.

Anonymity

Within the limitations set by law I shall have the right to remain anonymous. In cases in which certain data are indispensable for the delivery of a particular service, I shall be informed and be given the option to choose whether or not to submit that data.

Consent

My personal data and data that I generated by using online services or connected devices, may only be processed with my freely given consent and for specific purposes. This data may not be further processed in a manner incompatible with those purposes.

I shall have the right to withdraw my consent at any time or, in the case of a contract, upon termination of the contract or expiration of the period specified in the contract for which the consent was given. The withdrawal of consent does not affect the lawfulness of the processing based on the consent before it was withdrawn. It should be as easy to withdraw consent as it is to give consent. Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.

Data minimisation

The amount and nature of personal data and data that I generated by using online services or connected devices, requested by an organisation must be adequate, relevant and limited to what is necessary in relation to the purpose(s) for which it is processed.

Online tracking

Online tracking is not permitted without my prior express consent.

Security Policy

Each data controller, each processor and each developer of an application through which I can exercise control over my data shall ensure that my data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by using appropriate technical or organisational measures. Each data controller, each processor and each app developer shall have an adequate security policy, based on the requirements set by or on behalf of the Qiy Trust Framework Authority.

Privacy Statements

Data controllers accept that these Qiy Trust Principles take precedence over their existing or future privacy statements if they provide a higher level of protection and that the provisions of their privacy statements that are inconsistent with the Qiy Trust Principles shall be deemed null and void.

Complaints and Disputes

Each organisation that has been granted access to the network layer of the Qiy Trust Framework shall publish on their website a clear and easily findable notice indicating to whom complaints can be filed and who I can address in case of a dispute.