logo

TheTimeGenie General Data Protection Regulation (GDPR)

On 25 May, 2018, the General Data Protection Regulation (GDPR) will take effect in the European Union (EU). GDPR will impose strict controls on how all organisations collect and process personal data within the EU and/or personal data of EU citizens.

TheTimeGenie will be fully compliant with GDPR when it becomes enforceable on 25 May, 2018. The regulation outlines six key points for organisations that process individuals’ personal information.

Data must be:

  • Processed lawfully, fairly and transparently
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary for processing
  • Accurate and kept up to date
  • Retained only for as long as necessary
  • Processed in an appropriate manner to maintain security

 

Right to be Forgotten
When records are deleted, all associated data is also permanently removed (inc documents, notes and emails etc). A record of the action is also added to the system log providing an audit trail.

Processing of Data
TheTimeGenie acts as a data processor on behalf of our customers. As a customer of TheTimeGenie you are entering into an agreement which gives us a legitimate basis to process your data (in line with GDPR requirements).

The security of customer data has, and always will be, taken extremely seriously. Our Hosting provider for Live Products and Services is a Tier 1 ISO who provides industry-leading security and has a long list of internationally recognised certifications and accreditation’s including: ISO 27001 for information security, ISO 9001 for quality management systems, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI Level 1, The Crown Commercial Service (CCS) and multiple Microsoft accreditation’s plus many others. Their identity is available on request to registered clients.

All customer data is backed up at regular intervals and stored in two alternative locations within the EU at all times, as per AWS recommended guidelines. Finally, security and performance tests are carried out at regular intervals to ensure the smooth running of the service.

Along with a username and password, all customer databases can be secured with additional layers of security including: Access Control and use of the in-built Permissions System.

TheTimeGenie operates a support ticket system. All account enquiries require a support ticket to be opened by an authorised user. The ticket system is used to confirm the authenticity of the request and to protect your account and data.

In the unlikely event of a data breach, TheTimeGenie has strict procedures in place to report this to customers, and the ICO within 72 hours of discovery.

TheTimeGenie does not share customer data with any third parties without your express written permission.