GDPR Policy

GDPR Policy

revised 02/05/2023

Introduction

The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It comes into effect on 25 May 2018.  The GDPR is an evolution of the existing law. If you are already complying with the terms of the Data Protection Act 1998, and have an effective data governance programme in place, then you are already well on the way to being ready for the GDPR.

Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.  We are well aware of its role in providing the right tools and processes to support its users and customers meet their GDPR mandates.

Detail

ActIn Time Ltd takes security and privacy very seriously and has been a registered member of the Data Protection Act since 2003 (previously registered under Wisegrove Ltd).

Rest assure, ActIn Time Ltd takes the utmost caution and care with any customer’s data.  Additional security procedures and safety measures have been tightened and further internal training for all staff has been carried out.  ActIn Time Ltd does not keep any data longer than necessary and encourages customers to store any working files or backups on their server’s where possible.  Procedures are in place to remove/delete old customers data from our servers.

The software we supply is installed on your IT infrastructure and is controlled by your IT security.  We do not have access rights to your network infrastructure and customers are advised to re-evaluate their internal security and passwords.  However, some customers have allowed us 24/7 access to their networks for support purposes and any passwords or access codes given are protected by our security which is in line with the GDPR rules.

Customers data will only be used for the reasons it was supplied and never given to any 3rd party organisation without the customers consent.

ActIn Time ICO

ActIn Time Ltd GDPR statement

  1. ActIn Time Ltd will delete, destroy or return all personal data to the customer at the end of their contract;
  2. ActIn Time Ltd will assist all customers when responding to any request under the GDPR and providing access to an individual’s personal data;
  3. ActIn Time Ltd will take appropriate measures to ensure the security of personal data;
  4. ActIn Time Ltd will not transfer any personal data for processing in a country outside of the European Union;
  5. ActIn Time Ltd will only act on the customer’s instructions (unless legally required to act without the customer’s prior instructions);
  6. ActIn Time Ltd will at all times ensure that all people engaged in data processing are under a strict duty of confidentiality;
  7. ActIn Time Ltd will only engage a sub-processor which meet all the requirements and obligations under the GDPR;
  8. ActIn Time Ltd will only use the customers data for the reasons it was supplied and never given to any 3rd party organisation for any other reason it was supplied, without the customers consent;
  9. ActIn Time Ltd will assist the customer in meeting their obligations under the GDPR, in particular, their obligations relating to security of processing, the notification of personal data breaches and data protection impact assessments;
  10. ActIn Time Ltd will provide the customer with whatever information needed to ensure both organisations meet their respective obligations under Article 28 GDPR (written processor agreement);
  11. ActIn Time Ltd will inform the customer whenever we are asked to do something with the personal data provided to us which might infringe the GDPR or other applicable data protection laws.
  12. ActIn Time Ltd reserve the right to update and modify their policy at any time for the reasons of remaining compliant with GDPR and Privacy Policies.