GDPR Compliance Statement
1. PURPOSE OF THIS STATEMENT
ProteqsIT LLC (“ProteqsIT”), together with its products, takes privacy very seriously and has undertaken an extensive GDPR-readiness program using both GDPR-trained internal resources and specialist external advisers. The purpose of this statement is to inform our clients about the steps that we have been taking by way of preparation.
2. INFORMATION AND SECURITY AUDIT
3. LAWFUL BASIS OF PROCESSING
On the basis of the output from the information audit, ProteqsIT has identified an appropriate lawful basis for each kind of processing that we undertake, and these are documented in our privacy notices.
4. PRIVACY NOTICES
5. INTERNAL POLICIES AND PROCEDURES
- Subject access requests
- Requests from data subjects to exercise their other rights under the GDPR, such as the “right to be forgotten” and the right to have inaccurate data rectified.
- Personal data breach incidents
- Objections to direct marketing.
6. CLIENT AGREEMENTS
- ProteqsIT will only process the personal data on the client’s written instructions;
- ProteqsIT will ensure that all personnel with access to the personal data treat it in confidence;
- ProteqsIT will put in place appropriate technical and organizational measures to protect against unauthorized or unlawful processing, and against accidental loss, destruction or damage;
- ProteqsIT will not engage a subcontractor as a third-party processor of the personal data without the client’s approval;
- ProteqsIT will assist the client in responding to requests from data subjects and in ensuring compliance with certain of the client’s other obligations under data protection law;
- ProteqsIT will delete or return personal data on termination of the relevant engagement;
- ProteqsIT will keep complete and accurate records and information to demonstrate its compliance, and allow for audits by the client or its representatives;
- ProteqsIT will inform the client if an instruction infringes data protection law; and
- ProteqsIT will not transfer any personal data outside the European Economic Area unless (a) the client’s prior written consent has been obtained, and (b) appropriate safeguards have been put in place for the personal data.
The inclusion of this Addendum means that our clients can be assured that, if ProteqsIT processes personal data on their behalf, it is being done on the basis of a contract that meets those requirements.