General Privacy and Data Protection Policy
Personal Data Privacy and Protection is subject to conditions laid down by the relevant provisions of the General Data Protection Regulation (GDPR) that has been adopted to protect the rights of all individuals within the European Union, superseding the already applicable EU Data Protection directives (95/46/EC and 97/66/EC). To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
Where are the data located/stored?
The data are located to a data server located in UK (Rackspace Ltd) under a security management model as recommended by the ISO 27001 standard and complied with the respective obligations applicable to personal data that it controls or processes as part of, or in connection with, its use or provision of the services supplied.
Who has access to them?
Personal data are processed by authorized personnel of Psycholate only in order to fulfill support and processing obligations to their Licence Holder.
Any data processing undertaken by an employee that he/she has not been authorized to carry out as part of his/her legitimate duties is prohibited. Psycholate does not disclose personal data to unaffiliated third parties except where such disclosures would be necessary for Psycholate’s provision of the service to their Licence Holder. Such necessary disclosures would occur in accordance with applicable data protection laws as described in the General Privacy and Data Protection Policy section and an NDA is signed between the two partners as well.
How the security of the personal data held is ensured?
Psycholate implements the appropriate technical and organizational security measures to protect personal information, including internal security procedures that restrict access to and disclosure of personal data. We also use encryption, firewalls and other technology and security procedures to help protect the accuracy and security of your personal information and prevent unauthorized access, unlawful processing disclosure or improper use. Since December 2016, Psycholate is certified and operates under the standard processes and procedures of the ISO 27001, for Information security management.
How long personal data records are retained?
The Data Protection Acts state that personal information held by Data Processor and Controllers should be retained for no longer than is necessary for the purpose or purposes for which it was obtained as long as they remain up-to-date. Psycholate determined that the data records should be stored securely for twelve months, after which are anonymised (i.e. all information that can be identifiable are removed). This process is considered appropriate since it allows Psycholate to fulfil support and agreed services, research or other data analysis purposes to their client companies whilst safeguarding privacy and data protection. When the Data Controller’s business requirements, legal obligations and purpose of use of such data requires differently, this retention period is extended following a respective agreement, in the manner of complying with the law.
For any issue related to Data Protection and Privacy, please contact: firstname.lastname@example.org