The General Data Protection Regulation (GDPR) is a new privacy regulation that comes into force on 25th May 2018. GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union, but it also addresses the export of personal data outside the EU. After Brexit it will still be applicable in the UK. We believe the GDPR is good for users and good for security across the web.
Whilst we feel that the GDPR is predominantly aimed at regulating companies such as Facebook, Google and Twitter, who process a lot of data, this new regulation affects us all – even smaller companies that process just a limited amount of data. Even if a company uses data legitimately there is still a lot of work to do around the GDPR to rework privacy policies, update user access to data held about them and essentially make it easier for us all to see what data is held where and why that might be.
Here at Navigator Systems we take our responsibility for your personal data with the utmost seriousness. We never share your details with third parties without your permission, and we never have sold, nor ever will sell, your data to anyone.
We have responsibility firstly for the data that we collect from you, the Navigator Systems prospect or client, and secondly for the data that you may collect and pass to us about your clients. Occasionally our support team may request an unencrypted copy of your database to help them track down an issue. In this case you may need a data processor agreement with ourselves. Please see this knowledgebase article.
Within HireTrack NX we have enhanced security restrictions to make it easier for you to meet your GDPR commitments and have changed how you send data to us.
Our marketing emails have always been opt-in and this remains the case going forward. We rely on either your consent or our legitimate business interests to send emails to you and we will continue to ensure there is always the option to unsubscribe in all marketing emails that we send. We have never purchased email lists – if we email marketing information to you, then you will have given us your consent in the past.
We only collect the minimal data we require to do business (including marketing) with you: personal names, company names, email addresses, street addresses, telephone numbers. If you follow us on social media, we may record that data too. We collect credit card details to efficiently process your payments – we meet all the requirements for PCI-DSS so you can be assured of a secured transaction. We believe that it is more secure to process your card online (via our third-party processor) than it is to ring and do it over the phone, and as such we will not accept your credit card info over the phone or via email.
Your right to be forgotten – Under the GDPR you have the right to be forgotten; this means all of your data has to be deleted and never used again. There may be exceptions to this, for instance our legal obligation to keep business records such as invoices to comply with financial and tax legislation. We are developing our internal systems to make it simple for you to make this request and simple for us to process this. More information will be available in our knowledgebase. We will also be able to provide you with a copy of any data we hold on you.
Navigator Systems is only a small company so having one person solely as the privacy officer is not practical. All of our team are involved in the implementation of GDPR and going forward it will be maintained by all staff with specific requests for information being looked after by David Rose & Richard Cresswell.