For the purpose of the Data Protection Act 1998 and from 25 May 2018 unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679)("GDPR") and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998 (the "Data Protection Laws"), we are the data processor.
What are your responsibilities as a customer?
TWM Prosoft customers will typically act as the data controller for any personal data they provide to TWM Prosoft in connection with their use of our services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. TWM Prosoft is a data processor and processes personal data on behalf of the data controller when they use the TWM Prosoft facility.
Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data.
If you are a data controller, you may find guidance related to your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority.
You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing in this policy is intended to provide you with, or should be used as a substitute for, legal advice.
TWM ProSoft's commitments to the GDPR
Alongside other duties, data controllers are required to only use data processors that provide adequate guarantees to implement appropriate technical and organisational measures so that data processing will meet the requirements of the GDPR. Here are some aspects you may want to consider when conducting your assessment of TWM Prosoft:
TWM Prosoft employs and works with security and privacy professionals to maintain our systems, develop security review processes, build security infrastructure, and implement TWM Prosoft’s security policies.
We promise to maintain a high level of security, and will ensure timely breach reporting to meet all GDPR expectations. All personal data is encrypted using https protocol. Our data centre is located in Nottingham UK and we have a dedicated infrastructure. The data centres are owned and managed by Heart Internet.
PROCESSING ACCORDING TO INSTRUCTIONS
Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions
USE OF SUBPROCESSORS
TWM Prosoft directly conduct all of data processing activities required to provide the TWM Prosoft services. Whilst our servers are based in the UK some of our software development is done outside of the EU. The only data that is moved outside the EU however is code based and NOT any personal data which is retained on our UK servers.
DATA RETURN & DELETION
Administrators can archive employee data, via the functionality of the TWM Prosoft services, at any time during the term of the agreement. We have included data export commitments in our data processing terms since we began trading, and we will continue offering those after the GDPR comes into force. We are always working to enhance the robustness of the data export capabilities of the TWM Prosoft services. TWM Prosoft store data backups for 1 year * before the backups are replaced fully and any old data is removed.
How TWM Prosoft assists data controllers
Data Subject's Rights
TWM Prosoft can provide and export customer data, at any time during the term of the agreement.
TWM Prosoft will provide contractual commitments around incident notification. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in our current agreements and the updated terms that apply from 25 May 2018, when the GDPR came into force.