The biggest shakeup of Data Protection Legislation came into force on the 25th May 2018.
We recognise that you will have your own GDPR assessments to conduct and will have questions for data processors like ourselves.
In that regard we'd encourage you to read about how we safeguard your data in our Data Security and Privacy articles in the legal section these documents already cover the majority of GDPR related questions.
A number of common questions have arisen in regard to GDPR which we'll try to answer here:
- Where is the data stored?
Data is stored in Microsoft's Azure cloud platform. At the time of writing this is their sites UK South and UK West.
- Is Data encrypted?
Yes. Data is transferred to Timetastic using HTTPS and stored at rest using Transparent Data Encryption.
- How do we delete data?
You can delete individual users and all their data from Timetastic within the app itself. You can also cancel and delete your entire account from the app. These delete functions are instant and not recoverable.
- Which sub processors do you use?
This is covered in more depth in the list of 3rd Party Apps we use here.
- Do you have a specific data processing agreement?
We don't have a separate data processing agreement, the specific terms required under Article 28 of the GDPR Act are included in the main Terms and Conditions.
- Who is your Data Processing Officer?
Timetastic isn't required to have a GDPR Officer. GDPR only requires an officer if the organisation is a public body, conducts large scale systematic monitoring of individuals such as behaviour tracking, or tracks special categories of data such as health.
- Can you sign our GDPR / Data Processing Agreement?
Unfortunately we can't sign agreements with individual clients sorry. It would be pretty much impossible to manage separate legal agreements with nearly 6,000 different clients - hence why you'll find all the GDPR requirements taken care of in our standard Terms and Conditions.