Data Protection Policy
The European Union’s General Data Protection Regulation (or GDPR for short) we take very seriously in which to protect you and your data securely.
Responsibility
Our software modules are a SaaS (Software as a Service) model and is owned and operated by Mark Andrew Smith Limited, an Irish company, registered in the Republic of Ireland. Both our company and your business has a joint responsibility of ensuring that all private data is secured correctly, and access to that data is only granted to who you specify. Your data will not be shared with any other third party.
Data Held
Your data will be held securely, in a secure data centre. We have a number of secure locations so that a copy of your data is held in multiple geographic locations in case of hardware failure, network failure, and for disaster planning. In which to facilitate these multiple geographic locations, your data will be held globally. This ensures that your data is always available, at all times, and for when you want it. You can access and download all your data from our servers at any time.
Processing Data
We will process your data in multiple data centres. This is for fault tolerance redundancy. Where it is applicable, we will relay message from ourselves to you via our email or SMS text gateways.
Access
By default, users of the system can only see their own data assigned to them.
We do not allow third parties access to your data, nor do we harvest your data in which to sell to any other third party.
Permission
The system will automatically request permission from you to, hold data, process data and to automatically contact you with updates via email or SMS text message as appropriate. We may need to renew permission from time to time in the event of any legal entity change.
Providing Client Data
The system has a built in function to allow a user to download all the data that you store. This is a legal requirement.
Right to be Forgotten
The system has a built in function to remove users private data and remove the user, allowing the user the right to be forgotten. This is a legal requirement.