ActIn Time GDPR Policy
The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It comes into effect on 25 May 2018. The GDPR is an evolution of the existing law. If you are already complying with the terms of the Data Protection Act 1998, and have an effective data governance programme in place, then you are already well on the way to being ready for the GDPR.
Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. We are well aware of its role in providing the right tools and processes to support its users and customers meet their GDPR mandates.
Wisegrove Ltd. takes security and privacy very seriously and has been a registered member of the Data Protection Act since 2003.
Rest assure, Wisegrove Ltd. takes the utmost caution and care with any customer’s data. Additional security procedures and safety measures have been tightened and further internal training for all staff has been carried out. ActIn Time does not keep any data longer than necessary and encourages customers to store any working files or backups on their server’s where possible. Procedures are in place to remove/delete old customers data from our servers.
The software we supply is installed on your IT infrastructure and is controlled by your IT security. We do not have access rights to your network infrastructure and customers are advised to re-evaluate their internal security and passwords. However, some customers have allowed us 24/7 access to their networks for support purposes and any passwords or access codes given are protected by our security which is in line with the GDPR rules.
Customers data will only be used for the reasons it was supplied and never given to any 3rd party organisation without the customers consent.
ActIn Time GDPR statement
- ActIn Time will delete, destroy or return all personal data to the customer at the end of their contract;
- ActIn Time will assist all customers when responding to any request under the GDPR and providing access to an individual’s personal data;
- ActIn Time will take appropriate measures to ensure the security of personal data;
- ActIn Time will not transfer any personal data for processing in a country outside of the European Union;
- ActIn Time will only act on the customer’s instructions (unless legally required to act without the customer’s prior instructions);
- ActIn Time will at all times ensure that all people engaged in data processing are under a strict duty of confidentiality;
- ActIn Time will only engage a sub-processor which meet all the requirements and obligations under the GDPR;
- ActIn Time will only use the customers data for the reasons it was supplied and never given to any 3rd party organisation for any other reason it was supplied, without the customers consent;
- ActIn Time will assist the customer in meeting their obligations under the GDPR, in particular, their obligations relating to security of processing, the notification of personal data breaches and data protection impact assessments;
- ActIn Time will provide the customer with whatever information needed to ensure both organisations meet their respective obligations under Article 28 GDPR (written processor agreement);
- ActIn Time will inform the customer whenever we are asked to do something with the personal data provided to us which might infringe the GDPR or other applicable data protection laws.
- ActIn Time reserve the right to update and modify their policy at any time for the reasons of remaining compliant with GDPR and Privacy Policies.