# GDPR & Data Compliance
Version: v0.6.0 Beta\
Date: 2026-02-20
## Data Types (Typical)
- Transaction data (items, totals, payment method)
- KlubKort account identifiers (card/searchkey) and balance
- Operational logs (system / print agent)
## Processing Purpose
- Completing sales and producing receipts
- Maintaining customer account balance (KlubKort)
- Basic operational auditing and troubleshooting
## Storage & Retention
- Primary storage is local on the terminal
- Hourly backups are created for recovery and reporting
- Retention should be defined per event (recommended: minimum needed for accounting + troubleshooting)
## Security Controls
- Offline-first design (no public POS exposure required)
- Restricted access to SUADMIN and system accounts
- Physical access control to the terminal is required
- Secure tunnel recommended for backup transfer
## Recommendations for Operators
- Restrict access to the terminal and admin panels
- Keep Windows user accounts protected
- Verify backups before/after events
- Document retention period and deletion procedure