Webcertain and the GDPR
Webcertain complies with all laws and regulations and this includes the General Data Protection Regulation which came into force on May 25th, 2018. Here are the steps we take to ensure our compliance, if you need any further information please email firstname.lastname@example.org:
Data Protection Audit
Webcertain has implemented a process to review and audit the company’s compliance with GDPR on an annual basis. This document follows a first audit which implemented a number of changes to our personal data management.
Webcertain has documented the personal data it handles and manages’ bearing in mind that Webcertain operates as a business-to-business supplier. Predominantly, the data we use relates to businesses and is not personal. However, we aim to deliver high standards of data protection to business data also.
Lawful basis for processing personal data
Webcertain needs to process some personal data (mainly contact data and job role information) in order to effectively deliver its contracts for customers. Webcertain also obtains consent to provide useful “how to” information and guidance as part of its own marketing.
Consent is sought before a user subscribes to our know-how platform which distributes useful “how-to” information. We explicitly ask for consent and this is recorded in our system.
Systems for consent
Global Central is our core data management platform that manages consent. It also provides a control panel that any user can use to view, change or remove any data we hold on them.
Children’s personal data
Webcertain doesn’t store children’s data.
Registered with ICO
Webcertain has registered with ICO as a data processor - A8355790.
Privacy information built into the business
Webcertain has always approached privacy carefully and continues to do so and to comply with the law. GDPR has been introduced to staff with regularly training provided to enhance awareness.
Provide right of access and download capabilities - staff and customers
Both customers and staff are provided with control panels where they can access the data that is stored on them. The customer control panel is part of the Global Central technology. Customers can request to close their subscription accounts themselves. Where the data is contract-based they’ll need to request it from an Account Manager.
Webcertain always rectifies any incorrect data immediately once notified.
Right to erasure
All consent-based customers, ex-employees and former contract-based customers, have the right to have their data erased and need to request this via email@example.com.
Options to restrict onward processing
Webcertain has no method for restricting processing, but does not share personal data with third parties, so the Personal Control Panel allows for maximum adjustment of the data processed by Webcertain.
CSV download for right to data portability
The Personal Control Panel will shortly have a CSV download option added but until then this can be requested via the email firstname.lastname@example.org.
Rights related to automated decision making including profiling
Webcertain uses personalisation tools within its Global Central technology which gives scores to countries and areas of interest. These scores are available currently as downloads by request at email@example.com , but will become editable in the Personal Control Panel by users shortly.
Webcertain adopts a “data protection by design and default” approach as recommended by the ICO. Our core technology Global Central provides us with clear tools to use to manage data and provide compliance and is being continuously improved. Meanwhile, our contracting process incorporates GDPR for the companies’ suppliers and supplier contracts.
Data protection awareness training for staff
All staff have been made aware of GDPR, a training programme for GDPR has been introduced and GDPR is covered in the inductions for new staff.
Customer personal data held by Webcertain is not processed by third party processors.
Webcertain implements Data Protection Impact Assessments whenever there is shown to be a high risk to personal data. This is normally rare, as we hold relatively low levels of personal data.
Data protection officer
Webcertain believes we aren’t required to appoint a Data Protection Officer but have decided to do so in any case and for the avoidance of doubt. The current Data Protection Officer is CEO Andy Atkins-Krueger.
The management takes all aspects of GDPR seriously and the CEO is the Data Protection Officer.
Information security policy
Webcertain uses appropriate technical and organisational measures to ensure the security of all the data we hold and especially the personal data. Additionally, we continuously review our security measures.
If you become aware of a breach of our policy on GDPR, please notify us using the email firstname.lastname@example.org.
Webcertain does not transfer personal data outside of the European Union.