Data Protection Policy
JumpData Ltd. Co. number 08241266
Date: 20th September 2019
Revision: 0.9
Author: Jason Baird
Responsible Person: Dr.Paul Brown, Managing Director, Jump Data Ltd.
Definitions
Client
The client may provide us with personal data which they have collected from their customers. For the purpose of this policy, the client is the Data Controller.
JumpData
We may take data provided by the client and process it, as part of providing the service. We are the Data Processor.
The Service
The service is defined as any data manipulation and analysis, or software development we provide for the client.
Our Compliance with the Seven GDPR Principles
Lawfulness, fairness and transparency
We are obtaining the data for lawful purposes (to provide the client with the service).
We are being provided with the data in a fair way, the client has engaged us in order to provide a data processing service.
We are transparently processing this data on behalf of the client, as described below.
Purpose and Limitations
We are processing the data in order to provide the client with the service.
We will not use this data for any other purpose.
We will not disclose this data to any other entity.
Data Minimisation
We will process only the data required to provide the client with the service.
Accuracy
We will ensure that the data, provided back to the client as part of the service, is an accurate representation of the data provided by the client.
Storage Limitation
We will store the data for only long enough as to provide the service to the client.
Upon providing the service to the client, the data container (Microsoft Access database) will be archived and retained securely for 12 months, after which time it will be permanently deleted.
The client can request that we delete the data container at any time after we have supplied it to the client.
Security
We will securely store any data supplied by or back to the client.
We will provide access to a secure, password-protected, FTP (SFTP) site for transfer of data between us and the client.
We will use GDPR compliant storage devices when storing the data on our IT equipment.
Accountability
We will ensure all our staff handling data from the client, are trained in their responsibilities in terms of executing this policy.
We will ensure all our staff are aware of their duty of confidentiality, with regard to any data supplied by the client.
End of Policy