GDPR (General Data Protection Regulation) became effective as of May 25, 2018. The GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.
Our policy is to respect all laws that apply to our business and this includes the GDPR. We are committed to helping our customers stay in compliance with GDPR and/or their local requirements.
In addition, here are a few things that our group is committed to doing to ensure our compliance with GDPR and that of our customers:
We act as a data controller for your company data. We’ve mapped out everywhere your data exists and how it moves throughout our systems.
Privacy. We’ve taken a very deliberate approach to respecting our clients’ privacy. We only collect the data we need at any point to provide the promised services. We have implemented privacy by design to ensure the collection and retention of data is minimized to only what is critically needed.
Data Categories. We categorise the data we collect and receive in the following ways: Client Company Data and Worker Data.
Client Company Data. This category of data relates to information specific to the account-holding company that is using the services of our entities within the group. We only collect the minimum required data to provision and operate your account. In addition to provided data, we also collect application-specific information such as your IP address(es). This information is used to provide diagnostics for support and to protect the system from unauthorised use.
Employee Data. Any employee data collected is to provide the contractual services to the client company. The standard set of data collected is derived from the minimum requirements to perform the services that have been contracted. Employee data is, if configured as such using an API, used for facilitating payroll processing and HR services. Application-specific information, such as your IP address(es), is collected and used to provide diagnostics for support and to protect the system from unauthorised use.
We have implemented many systems and security measures to ensure data remains safe in transit and at rest; it is always encrypted. The infrastructure has been architected and designed with security and privacy at the forefront. All data resides on “private” networks that are not directly attached to the internet. A layered security model is in place and is configured as per industry best practice. The group engages third-party penetration testing consultants that regularly review and test the environment.
*Please note that not all rights can be exercised if the following applies:
To exercise any of your rights above please contact: firstname.lastname@example.org
To place a data subject request or any other questions relating to the use of your data please email: email@example.com