In May 2018, the EU General Data Protection Regulation (GDPR) will be replacing the Data Protection Act 1998. Simplytrak currently complies with applicable data protection regulations and is committed to compliance across all its relevant services when GDPR comes into effect on 25th May 2018.
In preparation for GDPR, we acknowledge our responsibility to develop and maintain business-wide awareness of the impact of the changes. We take our obligations under data protection legislation seriously and have been working internally to review all of our processes to ensure that we are protecting and respecting the privacy of individuals.
Part of this process has been reviewing our data privacy policies to support the upcoming changes. At Simplytrak we will continue to maintain the very highest standards for data processing and also of data handling where we are the data ‘Controller’.
Any personal information that we gather for marketing purposes, as the ‘Controller’ at Simplytrak, is stored within our secure system and will never be passed to any third parties. As a service provider of Remote Tracking and Monitoring solutions for our customers, Simplytrak are the data ‘Processor’ and the customer is the data ‘Controller’.
We have been revisiting our Data Processing Agreement (DPA) to ensure that it meets the standards set by GDPR. If a customer has their own DPA we would ask that it is sent to us in sufficient time to meet the May deadline. We will need to review each DPA individually before signing the agreement.
As the ‘Processor’ we will never ask a customer to add any personal data to the Simplytrak system as a requirement to our services. If the customer as the ‘Controller’ wishes to do so this is their full responsibility to ensure that it complies with Data Protection Laws and to grant viewing rights to other users.
Any data that is stored within the Simplytrak system or obtained by Simplytrak in the course of an agreement with a customer will be strictly confidential and will not be copied, disclosed or processed in any way without the express authority of the customer.
If a customer wishes to no longer use our services, if requested, we can transfer a copy of all data to the customer or destroy this using a secure method which ensures that it cannot be accessed by any third party.
At Simplytrak we take security very seriously and adopt a number of strict security measures to take necessary steps to protect against any unauthorised or unlawful processing of data. We will also never engage with any sub-processors or third parties without the prior consent from a customer.
If you have any further questions on our compliance to GDPR please get in touch at firstname.lastname@example.org and we will be happy to assist with any queries