GDPR Statement

GDPR Statement

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), adopted on April 27, 2016, is a regulation intended to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the transfer of personal data outside of the EU. The primary objectives of the GDPR are to enhance EU residents’ control of their personal data and to simplify the regulatory environment for international business by imposing uniform data protection requirements on all EU members. The GDPR replaces the data protection directive (officially Directive 95/46/EC) from 1995 and is effective from May 25, 2018.

Eighty Eight Digital Limited is committed to compliance with the GDPR. Just like existing privacy laws, including the preceding data protection directive, compliance with the GDPR requires a partnership between Eighty Eight Digital Limited and our customers in their use of our services and products. Eighty Eight Digital Limited has reviewed the requirements of the GDPR and is working to make enhancements to our services, products, documentation, and contracts to support our own compliance with the GDPR.

Eighty Eight Digital Limited’s compliance with the GDPR

As a cybersecurity provider, data privacy and security are at the core of Eighty Eight Digital Limited’s business and something Eighty Eight Digital Limited takes very seriously. Eighty Eight Digital Limited remains committed to protecting personal data in compliance with the highest standards of privacy and security. Below is a high-level summary of Eighty Eight Digital Limited’s compliance with many of the key areas of the GDPR.

Data Protection

  • As the data processor, Eighty Eight Digital Limited will only process personal data on behalf of the data controller and on written authorisation from the data controller (i.e. through a contract or order).
  • Eighty Eight Digital Limited expects that its customers, as the data controllers, will notify their employees and users (i.e. the data subjects) of the processing carried out by Eighty Eight Digital Limited and will obtain their consent for Eighty Eight Digital Limited to do so.
  • Eighty Eight Digital Limited ensures the confidentiality and availability of the personal data that it processes and that appropriate technical and organisational measures are taken to protect such personal data.
  • For the majority of Eighty Eight Digital Limited’s services and products, personal data is never stored by or accessible by Eighty Eight Digital Limited.
  • Logs are never stored in clear text.
  • Eighty Eight Digital Limited only allows access to personal data by personnel who are authorised administrators with appropriate privileges.
  • Eighty Eight Digital Limited does not process or store any personal data that is not needed to perform the contracted services on behalf of the data controller.
  • The personal data that Eighty Eight Digital Limited processes on behalf of the data controller will be accurate, complete, and kept up-to-date as much as technically possible.
  • Personal data will not be disclosed, made available, or otherwise used for purposes other than to perform the contracted services on behalf of the data controller, except as required by law.
  • All transfers of personal data outside of the European Economic Area (EEA) will only be done for the purposes of providing the contracted services to the data controller and will be subject to EU-US and Swiss-US Privacy Shield principles.
  • Eighty Eight Digital Limited retains logs in its provided applications for rolling periods of at least six months, after which the logs are securely purged.
  • At contract termination or expiration, the logs will be purged pursuant to the six-month retention cycle, or as earlier requested in writing by the data controller.
  • Eighty Eight Digital Limited will make available to the data controller all information reasonably necessary for the data controller to demonstrate its compliance with the GDPR.
  • Eighty Eight Digital Limited will be accountable and responsible to ensure its own compliance under the GDPR.

Security Safeguards

  • Eighty Eight Digital Limited protects personal data through reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification, or disclosure.
  • Eighty Eight Digital Limited performs robust security measures on its systems such as antivirus, firewalls, scheduled vulnerability scanning, penetration testing, and security code peer reviews.
  • All Eighty Eight Digital Limited personnel who are authorised to process personal data have committed themselves (through employment and confidentiality agreements) to the confidentiality and security of personal data.
  • Eighty Eight Digital Limited is able to ensure ongoing confidentiality, integrity, availability, and resilience of its processing systems and services, in addition to restoring real-time availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • Eighty Eight Digital Limited has an internal process for regularly testing, assessing, and evaluating the effectiveness of the technical and organisational measures for ensuring the security of the processing of personal data.
  • Eighty Eight Digital Limited will notify the data controller without undue delay after becoming aware of a personal data breach and will assist the data controller in reporting to supervisory authorities and affected data subjects any personal data breaches.

Eighty Eight Digital

Our Office: 

Unit 23

Mallard Close

Earls Barton

Northamptonshire

NN6 0JF

Call: 01604 439330

Email: contact@eightyeight.digital