GDPR Policy

The European Union has brought in a new data law called “General Data Protection Regulation” (or GDPR for short) that we take very seriously in which to protect you and your data securely.  Here is our GDPR policy, published for complete clarity and fair openness.

Responsibility

Our software modules are a SaaS (Software as a Service) model and is owned and operated by Mark Andrew Smith Limited, an Irish company, registered in the Republic of Ireland.  Both our company and your business has a joint responsibility of ensuring that all private data is secured correctly, and access to that data is only granted to who you specify.  Your data will not be shared with any other third party.

Data Held

Your data will be held securely, in a secure data centre.  We have a number of secure locations so that a copy of your data is held in multiple geographic locations in case of hardware failure, network failure, and for disaster planning.  In which to facilitate these multiple geographic locations, your data will be held both inside and outside the European Union.  This ensures that your data is always available, at all times, and for when you want it.  You can access and download all your data from our servers at any time.

Processing Data

We will process your data in multiple data centres.  This is for fault tolerance redundancy.  Where it is applicable, we will relay message from yourselves to your clients via our email or SMS text gateways.  We will not contact your clients except for the automated GDPR permission requests.

Access

By default, users of the system can only see their own data assigned to them.  However, if your user requires access across data sets in which to carry out their role, then the law permits this, and the system can be adjusted to allow for this facilitation.

We do not allow third parties access to your data, nor do we harvest your data in which to sell to any other third party.

Permission

The system will automatically request permission from your clients to, hold their data, process their data and to automatically contact them with case updates via email or SMS text message as appropriate.  We may need to renew permission from time to time in the event of any legal entity change.

Providing Client Data

The system has a built in function to allow a user to download all the data that you store on them.  This is a legal requirement.

Right to be Forgotten

The system has a built in function to remove users private data and remove the user, allowing the user the right to be forgotten.  This is a legal requirement.

Print Friendly, PDF & Email