GDPR Statement

What is the General Data Protection Regulation (GDPR)?

The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data.

The GDPR is enforced from 25th May 2018.

Taking data security and privacy seriously

At Bluezone we take security very seriously, and data security and privacy extremely seriously. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights; as such, we are committed to maintaining compliance with the GDPR.

We will only process personal data on instructions from the controller (Client), and we will ensure confidentiality and take appropriate measures to ensure security.

Our manager platform is built on a robust and flexible security architecture. The platform provides security and control over everything from user and supplier authentication through administrative permissions to data access.

We respect your privacy and protect it with strong encryption. We have strict policies that govern how all data is handled.

As online protocols and security best practice evolve, we too are continuously enhancing our internal processes and security measures to ensure complete platform assurance.

Data Storage is fully certified under ISO 27001, the quality assurance mark for IT Security and Information Governance.

To provide you with more information about the actions we are taking, please see the documents below:

  • Information Security Management System
  • Policies and Procedures
  • Frequently Asked Questions

Thank you for trusting us with your business and please be assured that we will always take the security and privacy of our client data very seriously.

Adrian Byrne

CEO Bluezone Technologies Ltd.


Information Security Management System (ISMS)

Who is the legal entity behind Bluezone Technologies?

Bluezone Technologies Limited, a private limited company incorporated in Northern Ireland with registered number NI635431.

How do you ensure that personal data is handled appropriately?

Bluezone Technologies operates and maintains an Information Security Management System (ISMS) to control its information assets appropriately. Our Data Storage is fully certified under ISO 27001 and Bluezone Technologies adapt the framework of policies and procedures that includes all legal, physical and technical controls involved in information risk management processes.

We implement human, organisational and technological security controls to protect our information assets (including personal data) from unauthorised access, unwanted disclosure, modification, theft / loss, denial of service attacks, or any other threat.

Bluezone Technologies uses a scalable cloud computing platform with high availability and dependability. To achieve end-to-end security and end-to-end privacy, our manager platform is built on a robust and flexible security architecture in accordance with security best practices, privacy by design requirements and appropriate security controls. The platform provides security and control over everything from user and supplier authentication through administrative permissions to data access. We respect your privacy and protect it with strong encryption.

Data Storage is fully certified under ISO 27001, the quality assurance mark for IT Security and Information Governance. The ISO 27001 framework allows Bluezone Technologies to offer clients an independently verified level of confidence in the way we look after their data.

As online protocols and security best practice evolve, we too are continuously enhancing our internal processes and security measures to ensure complete platform assurance.

How have you documented the Personal Data you hold?

Bluezone Technologies has completed a full company-wide information classification assessment. This allows us to understand:

  • the data in every part of our business (both our own data and that entrusted to us)
  • the highest level of protection required for each of these data sets
  • how we can further implement controls to reduce the likelihood of an incident impacting these assets in the future.

How do you manage risks and incidents relating to information assets?

Bluezone Technologies uses a formal information security risk management framework to identify and manage known or potential risks to the information assets within our business. Our risk management framework analyses each information asset against the possible loss of confidentiality, integrity and availability and defines appropriate controls.

We operate a formal incident management process to identify, contain and recover from a security incident should one occur, and use this process to help prevent recurrence.

What training do your staff go through?

Bluezone Technologies develops and provides ongoing security awareness training for all staff and actively promotes the key principles of information security.

What legal, regulatory and contractual requirements do you operate under?

Bluezone Technologies complies with all legal, regulatory and contractual requirements related to information security and adopts both UK & Ireland law guidelines, industry standards and best practice for information security.


Policies & procedures

Bluezone Technologies has developed policies and procedures based on industry and vendor best practices to protect the information assets it keeps for our Clients and partners, as well as our own information assets. The communications and operations management is planned for and deployed with regard to the security of Bluezone Technologies' information assets and the operations of the whole information processing environment.

Our policy and procedures set standards for our information security controls, some examples being:

  • Information security policy
  • Clear desk and clear screen policy
  • Asset management policy
  • Cryptographic policy
  • Access control policy
  • Acceptable use policy
  • Mobile computing policy
  • Incident management procedure
  • Information classification procedures
  • Risk management procedure
  • Internal audit procedure
  • Document and records control procedure
  • Corrective actions procedure
  • Preventive actions procedure

Where can I find your Privacy Policy?

Further information on how we process (collect, store, share and handle) your data is available in our company Privacy Policy.


Frequently Asked Questions

Is Bluezone Technologies a data processor or a data controller?

For our Clients, we act as a data processor, meaning that we process your personal data on your behalf, in accordance with the terms & conditions in your user agreement.

Have you appointed a Data Protection Officer (DPO)?

Yes, our DPO is our Chief Executive Officer, Adrian Byrne. The Data Protection Officer is also available to answer queries or deal with any concerns about data protection. You can contact the Data Protection Officer by e-mail at success@bluezonemanager.com and by telephone at 028 3044 2444.

How do you comply with the requirements of the GDPR principles?

There are 6 principles within the GDPR framework. These are:

1. Lawfulness, fairness and transparency

We will process any personal data we collect in a fair, lawful and transparent manner, and in accordance with individuals’ rights.

For Clients of Bluezone Technologies, we will only process the personal data you enter into the system in accordance with the Terms and Conditions.

2. Purpose limitations

We will only collect personal data for specified, explicit and legitimate purposes. Data we collect will not be used for any purposes other than those you as the data subject(s) have been made aware of.

For Clients of Bluezone Technologies, we will only process personal data you enter into the system for the purpose of providing you our service and in accordance with the Terms and Conditions.

3. Data minimisation

We will only collect personal data that is needed, adequate and relevant for the specific purpose.

As a Client of Bluezone Technologies you are responsible for ensuring that the data you hold about your employees, contractors or other data subjects is limited to what is needed, adequate and relevant for the specific purpose.

4. Accuracy

To the best of our ability we will ensure that any personal data we collect is accurate, kept up to date and correct.

As a Client of Bluezone Technologies you are responsible for ensuring that the data entered into the system about your employees, contractors or other data subjects is accurate and kept up to date. Our system is designed to maintain a high level of integrity, meaning that your data will remain as entered and unchanged.

5. Storage limitations

We will only keep personal data we collect for as long as it is needed. In addition, you have the right to request erasure of your individual data.

As a Client of Bluezone Technologies you are responsible for ensuring that personal data entered into your system is removed when no longer needed. If you choose to close your account we will securely delete all personal data held in the system on your behalf.

6. Integrity and confidentiality

We will process all personal data we collect in a manner that protects it against unwanted modification, disclosure or unlawful processing.

We take a risk-based approach to ensure that our system has the appropriate technical and organisational controls to safeguard the integrity and confidentiality of all personal data.

Do you perform Privacy Impact Assessments (PIAs)?

Yes, we perform periodic risk assessments, which include a full assessment of what data we hold, where this information is located, the risks involved with processing this information and the controls necessary to address the associated risks.

Will I be notified in the case of a breach?

Under the GDPR, Bluezone Technologies is required to report data breaches to the ICO within 72 hours. As part of our information security incident management procedure, appropriate communications will be made, including notifications to all affected parties.

How do you handle subject access requests (SAR)?

Bluezone Technologies act as a Data Processor on behalf of its Clients so we are not able to process SARs on your behalf. If we receive a SAR from one of your employees, contractors or data subjects we will forward the request to you.

How do you process data portability requests?

Bluezone Technologies act as a Data Processor on behalf of its Clients so we are not able to process data portability requests on your behalf. We provide you with tools inside Bluezone Technologies to extract information in commonly used file formats.

How do you ensure you meet the privacy by design requirements?

As part of our information security management system, we have implemented system development principles to ensure that whenever we develop or introduce new systems, privacy and security requirements are considered at every stage.

Where is my data stored?

We use The Internet Business Ltd, t/a Tibus to store our databases and production environment and these are located in Ireland. These services are supported by our disaster recovery site in the UK. This means we never store your data, or indeed any of our backups, outside the EU. We will review our data storage in line with Brexit developments.