Redkite Data Protection and Privacy Statement

Similar documents
Due Diligence March 2018 Page 1 of 6. Company

PS Mailing Services Ltd Data Protection Policy May 2018

This Privacy Policy applies if you're a customer, employee or use any of our services, visit our website, , call or write to us.

Data Security at Smart Assessor

UWC International Data Protection Policy

Graff Search Limited ( Graff Search ) is a recruitment agency and recruitment business.

Talenom Plc. Description of Data Protection and Descriptions of Registers

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Subject: Kier Group plc Data Protection Policy

Version 1/2018. GDPR Processor Security Controls

Cloud Compute. Backup Portal User Guide

FIRSTBEAT TECHNOLOGIES OY DESCRIPTION OF PERSONAL DATA PROCESSING FOR PARTNERS - FIRSTBEAT LIFESTYLE ASSESSMENT

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

Cherubs Beauty Spa - Privacy Notice

INFORMATION ASSET MANAGEMENT POLICY

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

UWTSD Group Data Protection Policy

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

DATA PROTECTION POLICY THE HOLST GROUP

Privacy Notice For Ghana International Bank Plc customers

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Data Warehouse Risk Assessment (GDPR)

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

DATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

Data Sharing Agreement. Between Integral Occupational Health Ltd and the Customer

Privacy Notice for Customers

GDPR Compliance. Clauses

Pathways CIC Privacy Policy. Date Issued: May Date to be Reviewed: May Issued by Yvonne Clarke

1.3 Please follow the links below for further information. Where relevant, we have made a distinction between different categories of data subjects:

Eco Web Hosting Security and Data Processing Agreement

Blue Alligator Company Privacy Notice (Last updated 21 May 2018)

A company built on security

Data Protection Policy

DATA PROTECTION PRIVACY NOTICE PROTECTING YOUR PERSONAL INFORMATION: YOUR RIGHTS, OUR RESPONSIBILITIES

PRIVACY POLICY. 1. Introduction

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

Spectrum Wellness Privacy Statement

GDPR Data Protection Policy

What options NETIM offers, including those related to gaining of access to and updating of information.

Sparta Systems Stratas Solution

Data Protection Policy

Healing School - A Science Academy GDPR Policy (Exams) 2018/19

Privacy Policy GENERAL

ADMA Briefing Summary March

Sparta Systems TrackWise Solution

Bournemouth Churches Housing Association: National Citizen Service (NCS) PRIVACY NOTICE

The GDPR toolkit. How to guide for Executive Committees. Version March 2018

ADEA PASS CUSTOMER SERVICE

General Data Protection Regulation

Privacy policy. Definitions and interpretation

GRANDSTREAM PRIVACY STATEMENT

General Data Protection Regulation (GDPR)

Sparta Systems TrackWise Digital Solution

DATA PROTECTION & PRIVACY POLICY

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Privacy Policy. Due Diligence Checking Limited ( We or Us ) are committed to protecting and respecting your privacy.

EU Data Protection Agreement

2. The Information we collect and how we use it: Individuals and Organisations: We collect and process personal data from individuals and organisation

SECURITY & PRIVACY DOCUMENTATION

Creative Funding Solutions Limited Data Protection Policy

Motorola Mobility Binding Corporate Rules (BCRs)

zsah Cloud Offering Security FAQ In partnership with Clearswift

SDL Privacy Policy Cloud Services

Privacy Policy: North East Contemporary Arts Network (NECVAN)

M T BUCKLEY & Co Chartered Accountants

Zemlja-Voda-Zrak Ltd. Further addressed as»natural Croatia« Privacy Policy

Lichfield Cruising Club 2000 Ltd. Privacy Policy

Data Protection and GDPR

TIA. Privacy Policy and Cookie Policy 5/25/18

General Data Protection Regulations Privacy Policy

These pieces of information are used to improve services for you through, for example:

Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice

INFORMATION SECURITY AND RISK POLICY

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

This policy also applies to personal information about you that the Federation collects from any other third party.

Data protection policy

GENERAL DATA PROTECTION REGULATION (GDPR)

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

Data Protection Policy

Prohire Software Systems Limited ("Prohire")

Wonde may collect personal information directly from You when You:

Toucan Telemarketing Ltd.

OUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE

Privacy Policy. Act shall mean the Information Technology Act, 2000 and Rules thereunder as amended from time to time.

New Zealand Telecommunications Forum. Code for Vulnerable End Users of Telecommunication Services. ( Vulnerable End User Code )

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

Information Security Data Classification Procedure

Oracle Data Cloud ( ODC ) Inbound Security Policies

PRIVACY POLICY PARTNER

Google Cloud & the General Data Protection Regulation (GDPR)

INFORMATION TO BE GIVEN 2

Data Processing Agreement

The General Data Protection Regulation

Down Under Centre Employment Hub - Privacy Policy Introduction

WELCOME ISO/IEC 27001:2017 Information Briefing

Five steps to securing personal data online Gary Shipsey Managing Director

Enviro Technology Services Ltd Data Protection Policy

Transcription:

Redkite Data Protection and Privacy Statement March 2018

Version Control Date Version No. By whom 28 November 2017 1.0 D. Arber 09 January 2018 1.1 D. Arber 30 March 2018 1.2 D. Arber Table of Contents 1. Purpose... 3 2. Assumptions... 3 3. Roles... 3 3.1 Data Controller... 3 3.1.1 The function of the data controller is:... 3 3.2 Data Processor... 4 3.2.1 The function of the data processor is to determine:... 4 4. IT systems and the security surrounding your personal data.... 4 5. Minimalization of data and Type of data processed... 4 6. Deleting personal information.... 5 7. Deleting or Return of data on termination of our agreement... 6 8. Notification of Personal Data Breach... 6 9. Transfer of information outside the UK... 6 10. Written permission to hold and process your data.... 6 2 Redkite Systems 2018 Version 1.2

1. Purpose 1.1 We take the privacy and security of your information very seriously and have adopted security measures both within the physical environment in which your information is stored and within the applications to ensure that your information is protected. 1.2 The purpose of this document is to outline what Redkite Systems is doing to meet the requirements of GDPR. 2. Assumptions 2.1 This document assumes that, for our hosted customers, that you, the customer, are defined as the Data Controller and we, as your supplier are defined as Data Processor. 2.2 For non-hosted customers, that you, the customer, are defined as Data Controller but also take on some responsibilities (highlighted with an *) from the list of responsibilities detailed below for the Data Processor. 2.3 That we agree that there is no specific technical requirement for system security in GDPR and that the data processing and security requirements are based on risk, the nature of the information stored within the system, and the purpose for which the information is processed together with other factors, and on that basis, we are confident that the security we have in place for our hosted customers is of a very high standard and is more than proportionate. 3. Roles 3.1 Data Controller 3.1.1 The function of the data controller is: to collect the personal data in the first place and provide the legal or other basis for doing so to determine which items of personal data to collect, i.e. the content of the data to determine the purpose or purposes the data are to be used for - i.e. managing training to determine which individuals to collect data about - i.e. fire personnel to determine whether to disclose the data, and if so, who to i.e. line managers and trainers to determine what access levels and other rights apply to each user - i.e. the access rights individuals have and the application of these rights through the system tools determine how long to retain the data how frequently amendments will be made to the data These are things that can only be done by the data controller. 3 Redkite Systems 2018 Version 1.2

3.2 Data Processor 3.2.1 The function of the data processor is to determine: what IT systems are used collect personal data * how to store the personal data * to ensure that the security surrounding the personal data is adequate and proportionate* the means and security applied when transferring the personal data from servers to the customer * the method for ensuring a retention schedule is adhered to, and the means used to delete or dispose of the data both during the term of the contract and upon termination of the contract. 4. IT systems and the security surrounding your personal data 4.1 We provide an optional free web hosting service for our customers which provides the level of security and data protection we deem necessary to secure your data and prevent any data breaches. If you are concerned about this level of security, we can help you re-locate your applications and data on to your own servers. 4.2 Your applications and data are held on a dedicated, secure server which is hosted in a secure data centre managed by Rackspace plc who manage our hosted servers and services. 4.3 No data is held on our premises. 4.4 Rackspace plc. hold ISO 27001: 2013 together with other security certificates and policies and we are satisfied that, working with Rackspace plc., we take all reasonable measures to protect your data. 4.5 Rackspace plc. undertake a daily differential and a weekly full back up of your data. Data is held at two data centres; the primary data centre and a second separate secure data centre also managed by Rackspace plc. 4.6 Data is transferred between centres by disc and offsite backups are encrypted with 256-bit AES encryption prior to leaving the primary data centre. Back-up data is retained for 28 days. Data can be restored from these back-ups on request during the retention period. 4.7 All data is transferred from our servers to you via the internet. All data is encrypted during transit between the secure hosted server and your browsers using https:// protected by Thawte 128bit (256bit browser dependent) SSL. (Look for the locked padlock on your screen.) 4.8 Data is retrieved from the system by users via each application and access to the information can be restricted by yourselves using tools available on the system. Access to the information is protected by a user name and password. It is the responsibility of the customer to ensure that passwords are robust. 5. Minimalization of data and type of data processed 5.1 The latest data protection legislation (GDPR) requires that both the data controller and data processor keep personal data held on systems to the minimum. 4 Redkite Systems 2018 Version 1.2

5.2 The Redkite applications only requires the following minimum information to function: A unique ID number this does not have to be a works or other identifiable number First name and Family name (the first name can be an initial) The individuals place of work (i.e. the airport or station at which they are based) Their department (where the license is for multiple departments) Their shift or watch Their employment status (optional) e.g. whole time, part time, etc. Their role (as defined in CAA CAP 699, where applicable, or as defined within other documents) Their rank (where applicable) An optional internal email address for notifications. 5.3 All other information is superfluous and should not be held on the system. 5.4 Redkite Systems is offering to physically remove any surplus information from your systems, on request. 5.5 Control measures currently available in the Tracker Editors are: 5.5.1 you can switch off your ability to capture and store additional personal details. The capturing of additional personal details was included on the system because previously there was a mandatory requirement from the UK CAA to store additional personal information. This information included date of birth, gender, start date of employment, address, next of kin details and next medical due date (without any specific medical information) and ethnicity. Capturing this data is no longer a requirement and the data should be removed from your system. If you require help with the removal, then please contact us. 5.5.2 applying strong passwords It is your responsibility to protect the access to personal information through the user interface and you can apply certain rules to ensure secure passwords are used on the system. These tools are found in the Tracker Editors / System options / Other menu. 6. Deleting personal information 6.1 Redkite Systems do not automatically delete any data, including personal information, from the system. Due to the way the various system modules integrate and the mandatory need to retain information in different modules for varying lengths of time, it is not technically possible. As the data controller, you will need to manage this - possibly by using the methods described below. 6.2 You can withdraw a person from the system via the system editors. You can also set the option Exclude withdrawn people from the system completely to YES. Once this is set, only the system administrator can see 5 Redkite Systems 2018 Version 1.2

this person s withdrawn record through the Tracker Editors and the records will not show up anywhere on the system. 6.3 We recommend that you put leavers into folders marked, for example Leavers 2018, Leavers 2019, etc. It is then quite straightforward to go into that folder and delete the leavers in that folder once the necessary retention period(s) expire. 6.4 Once you delete the person, the records will be permanently removed from the operational system. 6.5 You have a 21-day period in which to notify us of any records deleted in error as these can be restored from back-up during that time. After this time the data will be permanently removed from back-up discs. 6.6 On non-hosted servers you will need to remove the records from any back-ups yourselves. 7. Deleting or Return of data on termination of our agreement 7.1 On termination of your agreement with us your data will be returned to you as a SQL Server database, if requested, and / or deleted from our server. After 28 days the information will also be removed from any backups and the information cannot be recovered. 8. Notification of Personal Data Breach 8.1 We will notify our customers of any Personal Data Breach within 24 hours or the next working day from when we become aware of the Breach. 8.2 We will notify you of the nature of the Breach within a further 24 hours (or the next working day) and we will include what categories of information and approximate numbers of Data Subjects and Protected Data Records that have been affected. 9. Transfer of information outside the UK 9.1 All data is held in two secure data centres in London, England. Your data will not be moved outside of the UK. 10. Written permission to hold and process your data 10.1 Under the GDPR you are required to give written permission to us to store and process your data. To this end we have prepared a Hosted Data Usage Authorisation Agreement which will outline the ways in which Redkite Systems can and will use your data. This form can also be found on the web site under Free Hosting. 10.2 Please read and sign the Hosted Data Usage Authorisation Agreement. Once received, we will sign and send back a copy for your records. Electronic signatures are acceptable. 10.3 If you would prefer to use a different form then please send your data protection form for us to review and sign. 6 Redkite Systems 2018 Version 1.2

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback