General Data Protection Regulation (GDPR)
The General Data Protection Regulation (hereinafter referred to as the GDPR) is a new EU law which affects all organisations that hold and process the personal data of EU citizens.
In compliance with the GDPR, we are responsible for protecting the personal data we collect from our clients upon sign up (name, email, address, password, billing data). We must also ensure that our clients’ data hosted on our servers during their usage of our services is protected. We collect, store and work with our clients’ data in a legitimate way, and we want to inform you of how we do this. We would also like to provide transparency, as a processor, on the way we store the data our clients host on our servers.
The GDPR requires us to inform clients what data we collect about them and to legitimise how we use it afterwards. We only collect the minimal amount of personal data required to deliver the hosting service to your company. We collect your physical address for invoicing and tax purposes, and your email address to contact you about our service, your orders and important information relating to your business with us. We never use any of the data collected for profiling or secondary purposes, and we do not sell it to anyone.
In conformance with the GDPR requirements, our new Privacy Statement will fully describe why and how we collect and process your personal information. As our client you can validate that we handle this information carefully and responsibly.
Internal Procedures and Access Control
In line with the GDPR we are auditing and enhancing our security, access control and data storage provision. We are adding new procedures where the new regulation requires them. For example, we are implementing stronger authentication for sensitive data and for the access we have to third-party companies used by the client.
Data Protection by Design and Data Protection Impact Assessments
Security and protection of clients’ data is our primary priority. Whenever we develop a new system, security is the first design principle of its architecture. Our first goal is to protect the integrity of the new production system. Our second goal is to protect the customer data that is stored and used by that system.
New Data Processing Agreement
Many of our clients operate using the personal data of their own customers. For example, they take orders, they collect emails through sign up forms, they process credit cards, and more. Our client controls their customers’ data and how this data gets collected and used. Corntech Limited stores this data on our servers and therefore takes part in its processing. The new data processing agreement will regulate our processing of that data for the purposes of delivering the hosting service and resolving technical inquiries only, and for no other secondary functions. This has always been the case. In providing services to our customers we are committed to being a trusted partner, adhering to the principles of transparency, and meeting our obligations under the GDPR adequately.
Right to be Forgotten
Under the GDPR every client can request “to be forgotten”, meaning that all their data has to be deleted and never used again, except in certain circumstances, which may include having to keep processing your personal information to comply with a legal obligation. An example of such an obligation is the requirement to keep a copy of all invoices to comply with financial and tax legislation. We will comply with and act on our clients’ right to be forgotten upon written communication to CORNTECH.
Where Are We Now?