Customer ethics Charter
The purpose of this charter is to evaluate and review (prospective) engagements using a pre-agreed set of principles and actions. We value privacy because we believe that privacy has a positive impact on the personal well-being of individuals and on the functioning of a democratic society.
Roseman Labs enables data-collaboration by guaranteeing privacy and confidentiality. Organizations that seek to create more impact from data-collaboration use our solution to protect privacy of individuals and confidentiality of (trade) secrets. Our technology contributes to applications and partnerships in various sectors. While doing so, we realize that we have an obligation to never support circumvention of legal requirements by technical means as it contradicts the spirit of the law or reduces privacy.
Principles we adhere to
To this end we will stick to the following principles and actions.
Every engagement adheres to the following principles, aligning with those of the GDPR :
- Has a sound legal basis that is clear and verifiable. (Particularly with respect to: GDPR and sector-specific laws and regulations such as WGBO for healthcare, Elektriciteitswet for energy utilities, WPG for law enforcement, etc.)
- Processes data with an explicit and legitimate purpose.
- Protects accuracy and offers proper ways for rectification.
- Prevents re-identification of individuals as much as possible, takes measures to minimize residual risk, and makes residual risk explicit.
- Ensures appropriate information security, including protection against unauthorized or unlawful processing and against accidental loss, using appropriate measures.
- Assigns roles of controller and processer and makes compliance externally verifiable.
To adhere to these principles, we will:
- Ensure our clients conduct a Data Protection Impact Assessment (DPIA) process unless there are clear and obvious reasons this is not required.
- If our client is willing to share the DPIA with us, file and review the DPIA for our own records and verifiability by our stakeholders with a legitimate interest, and for learning.
- Seek external ethical or legal counsel when considerations exceed our ability to properly evaluate them.
- Apply high information security standards to our own environments, including strict segregation of duties of the MPC-servers that we host for our customers.
Questions or suggestionsIf you have any questions or suggestions, please let us know!
Please reach out to us at firstname.lastname@example.org.