GDPR (General Data Protection Regulation) became effective as of May 25th, 2018. The GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.
Our commitment to the GDPR
Our policy is to respect all laws that apply to our business and this includes the GDPR. We are committed to helping our customers stay in compliance with GDPR and/or their local requirements.
- In addition, here are a few things that our group is committed to doing to ensure our compliance with GDPR and that of our customers:
Where we are transferring data outside of the EU, we commit to having the appropriate data transfer mechanisms in place as required by GDPR.
- Commitment to follow the appropriate security measures and precautions in accordance with GDPR and other privacy laws outside of the EU.
- Notification to regulators of breaches and promptly communicating any breaches to customers and users.
- We will ensure that employees authorized to process personal data have committed to confidentiality.
- Annual risk assessments on all vendors, processors and sub-processors to ensure the highest level of security and data processing frameworks including GDPR compliancy.
- Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.
- You have a direct contact for data protection and GDPR, the Data Protection Officer. For any questions you have please contact – email@example.com
Our role under the GDPR
We act as a data controller for your company data. We’ve mapped out everywhere your data exists and how it moves throughout our systems.
- Privacy. We’ve taken a very deliberate approach to respecting our clients’ privacy. We only collect the data we need at any point to provide the promised services. We have implemented privacy by design to ensure the collection and retention of data is minimized to only what is critically needed.
- Data Categories. We categorize the data we collect and receive in the following ways: Client Company Data and Worker Data.
- Client Company Data. This category of data relates to information specific to the account-holding company that is using the services of our entities within the group. We only collect the minimum required data to provision and operate your account. In addition to provided data, we also collect application-specific information such as your IP address(es). This information is used to provide diagnostics for support and to protect the system from unauthorised use.
- Employee Data. Any employee data collected is to provide the contractual services to the client company. The standard set of data collected is derived from the minimum requirements to perform the services that which have been contracted to do. Employee data is, if configured as such using an API, be used for facilitating payroll processing and HR services. Application-specific information, such as your IP address(es), is collected and used to provide diagnostics for support and to protect the system from unauthorised use.