The PDCA logo The Incident Register
  • Home
  • Features
  • Pricing
  • Support
  • Free trial
  •  English
    • English
    • Français
    • Español

Data Security and GDPR

For definitions of words used within and general limits and exclusions to this policy, please refer to the definitions contained in our terms of use.

When you sign up to use the Service provided by us, we follow this data processing and protection policy. Your agreement to this policy forms part of our terms of use for the Service. As with our terms, we may update or change this policy at our own discretion and at any time.

When we process customer data we apply the following data processing and protection policy. We process business-related data on your behalf only for the purposes set out below and in the context of the Service and only when acting on your instructions.

About this Policy

As a software supplier we insist that you, along with ourselves, comply with relevant data law such as GDPR. We collectively have a joint responsibility to process and control data in accordance with EU law and to respect the rights of any third party.

Information about the Data

Subject

The subject our our processing is only your lawfully acquired data used for business purposes.

Duration

Our processing will be limited to the duration of your use of our Service and at the end of this period all data shall be either returned to you and / or subsequently destroyed within a reasonable time period.

Purpose of Processing

The purpose of processing is to help your organization to improve.

The Nature of Processing

The Service is a software and database system used by you to help manage your organization.

Data Subjects

These may include data about your clients, prospective clients, associates and employees so long as you have a legal right to ask us to process such data.

Customer Data

Data being processed may include the following types of data: names, telephone numbers, address, email addresses and other information not considered high-risk under the terms of GDPR.

Limit of Processing Scope

We do not knowingly process data except according to the above criteria and we monitor our systems from time to time to check that this is the case.

Processor and Controller

For the purposes of data protection law, yous are data controllers and we are the data processor.

We, as Processor
  • We process personal data only in accordance with the terms of our terms and conditions and with your instructions (provided that such instructions are legal and in accordance with this policy).
  • We keep a record of data processing carried out on your behalf.
  • We cooperate with supervisory authorities and comply with requests from individuals exercising their rights under data protection legislation.
  • We implement any appropriate security measures required by data protection legislation.
  • We allow and comply with audits of our data protection practices requested by you.
  • We have appointed a data protection officer.
  • We comply with rules about data storage being located within the EU.
  • We will tell you about any personal data breaches as soon as we know about them.
  • We will let you know if you ask us to do something that in our opinion is against data protection law or this policy.
You as Controllers
  • We insist that all personal data provided by you shall have been lawfully obtained and retained and that we can legally process it.
  • We insist that in asking us to process data (knowingly or not), you are not asking us to contravene any data protection legislation or infringe the rights of the data subject or any third party.
  • We insist that the scope, nature and purpose of processing is always limited to those set out in this policy, our terms of use and any agreement we have with you.
  • You must let us know in advance of submitting sensitive data for processing or data requiring high-risk processing (as defined by data protection legislation) and you must not submit such data for processing until we give explicit written permission to do so.
Sub-processors

We may use sub-processors from time to time and we have listed our current sub-processors below:

  • Amazon Web Services Inc, Seattle, WA, United States

We will update this policy if we intend to appoint any third party as a new sub-processor of data not already listed above and we shall always require that processor to adhere to the standard set out in the current version of this policy.

© Enterprise 360 Limited

Terms

Data security and GDPR

Cookie Policy