General Data Protection Regulation Policy

Here at South Stour Consultancy, we take your privacy seriously and will only use your personal information to provide the services you have requested from us.

South Stour Consultancy is committed to GDPR compliance. We are also committed to helping our clients comply with the GDPR by providing stringent privacy and security protections that are built into our service and contracts.

Our custom software will allow your organisation to fulfil its regulatory requirements of the European Union’s General Data Protection Regulation (GDPR). All features required to fulfil the regulatory requirements will be built into the software used for handling Personally Identifiable Information (PII) in the scope of the GDPR

What are your responsibilities as a data controller?

It is important to understand your responsibilities as a data controller. South Stour Consultancy’s customers will typically act as the ‘data controller’ for any personal data they provide to South Stour Consultancy in connection with their use of South Stour Consultancy’s services. The data controller determines the purposes and means of processing personal data.

South Stour Consultancy builds systems to help data controller’s process their own data.

Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Their obligations arise from the data protection principles which require lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data.

If you are a data controller, you will find guidance on your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority. In the case of the UK, this is the Information Commissioner’s Office at ico.org.uk. You should also seek independent legal advice relating to your status and obligations under the GDPR, for legal advice specifically tailored to your situation.

Please bear in mind that nothing on this website is intended to be used as a substitute for legal advice.

Our commitments to the GDPR

South Stour Consultancy does not process personal data for customers, except in exceptional circumstances and at the express request of the customer. However, South Stour Consultancy can help you select the appropriate technical and organisational measures so that data processing will meet the requirements of the GDPR.

Here are some aspects you may want to consider when conducting your assessment of South Stour Consultancy:

• South Stour Consultancy employs and works with security and privacy experts to implement security policies, maintain its systems, review security processes, and build a secure infrastructure. Our teams liaise with customers to ensure our services help meet their compliance needs.
• South Stour Consultancy’s terms and conditions clearly articulate its privacy commitments to customers. The terms have been updated to reflect the requirements of GDPR.
• Our hosting facilities, Amazon and Microsoft, have verified they have the necessary functionality for compliance with the GDPR. In addition, we will use a standard method for deletion and retention of data that is considered acceptable under the GDPR.
• We ensure a high level of security, and provide timely breach reporting to meet all GDPR expectations. To reflect this, we utilise a number of security features through our hosting partners. Our security practices include breach detection and timely notification and then recovery.
• All of South Stour Consultancy’s employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy training.
• South Stour Consultancy’s hosting partners, Amazon and Microsoft, hold all the necessary and expected security accreditations for data storage.
• Where your application’s features do not include automatic deletion of data, South Stour Consultancy will delete and/or export (return) data at any time during the term of our service agreement.
• South Stour Consultancy / Amazon / Microsoft normally backs up data every 24 hours, but this can be modified depending on the nature of the project and individual customer requirements. Any old data is removed in accordance with the retention policy agreed with the customer.
• How South Stour Consultancy assists data controllers:
  1. Data Subject’s Rights – South Stour Consultancy can provide an export of customer data, at any time during the term of the agreement.
  2. Incident Notifications – South Stour Consultancy will provide contractual commitments around incident notification. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in our current agreements.

For any more information about our compliance with GDPR, please contact us at https://www.southstourconsultancy.co.uk/contact-us