The Blue Label needs confidential information from both suppliers and sub-suppliers to make a thorough assessment of products.
We know that, for some product types, the manufacturer may not necessarily have information on the content of all raw materials or substances, as the sub-supplier may see this information as confidential.
However, we need to know all substances in all the raw materials present in the product, in order to make the necessary assessment. If there is an issue concerning confidential information, we can sign a non-disclosure agreement with you or your sub-suppliers. The confidential information will only be used for the evaluation of the ingredients and the overall assessment of the product/raw material.
Asthma-Allergy Denmark requires that the non-disclosure agreement refers to Danish or, if applicable, German law.
The non-disclosure agreement and the data will not be disclosed to third parties.
Regarding handling and storing of data, we handle them as follows:
Sensitive data from manufacturers - including formulations and the like. - are only handled by employees who are related to product assessment. All employees have signed a separate agreement on the handling of confidential data. All confidential data may only be printed through secured print and only at the office. All materials are shredded by discarding.
Data retention is secured on several levels:
- No data is stored on local clients
- All data is handled in secured systems in the cloud - including office 365 Business + MS Azure
- Only trusted employees have access to the sensitive data folders on respectively Office 365 and MS Azure.
- All employees have unique codes that are renewed every 2 months and all employees with access to sensitive data from manufacturers use two-factor login (implemented from May 1, 2018). Data may only be kept for as long as it is relevant. After this all data is deleted.
Additional information about Microsoft Security Certifications is available on their respective page: ISO 270014 etc.