The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data.
The GDPR becomes enforceable on 25th May 2018.
At Bluezone we take security very seriously, and we take data security and privacy extremely seriously. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights; as such, we are committed to maintaining compliance with the GDPR.
We will only process the personal data on instructions from the controller (Client), will ensure confidentiality and take appropriate measures to ensure security.
Our manager platform is built on a robust and flexible security architecture. The platform provides security and control over everything from user and supplier authentication through administrative permissions to the data access.
We respect your privacy and protect it with strong encryption. We have strict policies that govern how all data is handled.
As online protocols and security best practice evolve, we too are continuously enhancing our internal processes and security measures to ensure complete platform assurance.
Data Storage is fully certified under ISO 27001, the quality assurance mark for IT Security and Information Governance.
To provide you with more information about the actions we are taking please see the documents below:
Thank you for trusting us with your business and please be assured that we will always take the security and privacy of our client data very seriously.
CEO Bluezone Technologies Ltd.
Bluezone Technologies Limited, a private limited company incorporated in Northern Ireland with registered number NI635431.
Bluezone Technologies operates and maintains an Information Security Management System (ISMS) to control its information assets appropriately. Our Data Storage is fully certified under ISO 27001 and Bluezone Technologies adapts the framework of policies and procedures that includes all legal, physical and technical controls involved in information risk management processes.
We implement human, organisational and technological security controls to protect our information assets (including personal data) from unauthorised access, unwanted disclosure, modification, theft / loss, denial of service attacks, or any other threat.
Bluezone Technologies uses a scalable cloud computing platform with high availability and dependability. To achieve end-to-end security and end-to-end privacy our manager platform is built on a robust and flexible security architecture in accordance with security best practices, privacy by design requirements and appropriate security controls. The platform provides security and control over everything from user and supplier authentication through administrative permissions to the data access. We respect your privacy and protect it with strong encryption.
Data Storage is fully certified under ISO 27001, the quality assurance mark for IT Security and Information Governance. The ISO 27001 framework allows Bluezone Technologies to offer clients an independently verified level of confidence in the way we look after their data.
As online protocols and security best practice evolve, we too are continuously enhancing our internal processes and security measures to ensure complete platform assurance.
Bluezone Technologies has completed a full company-wide information classification assessment; this allows us to:
Bluezone Technologies uses a formal information security risk management framework to identify and manage known or potential risks to the information assets within our business. Our risk management framework analyses each information asset against the possible loss of confidentiality, integrity and availability and defines appropriate controls.
We operate a formal incident management process to identify, contain and recover from a security incident should one occur, and use this process to help prevent recurrence.
Bluezone Technologies develops and provides ongoing security awareness training for all staff and actively promotes the key principles of information security.
Bluezone Technologies complies with all legal, regulatory and contractual requirements related to information security and adopts both UK & Ireland law guidelines, industry standards and best practice for information security.
Bluezone Technologies has developed policies and procedures based on industry and vendor best practices to protect the information assets it keeps for our Clients, partners and our own information assets. The communications and operations management is planned for and deployed with regard to the security of Bluezone Technologies information assets and the operations of the whole information processing environment.
Our policy and procedures set standards for our information security controls, some examples being:
– Information security policy
– Clear desk and clear screen policy
– Asset management policy
– Cryptographic policy
– Access control policy
– Acceptable use policy
– Mobile computing policy
– Incident management procedure
– Information classification procedures
– Risk management procedure
– Internal audit procedure
– Document and records control procedure
– Corrective actions procedure
– Preventive actions procedure
Where can I find your Privacy Policy?
Further information on how we process (collect, store, share and handle) your data is available in our company Privacy Policy.
Is Bluezone Technologies a data processor or a data controller?
For our Clients, we act as a data processor, meaning that we process your personal data on your behalf, in accordance with the terms & conditions in your user agreement.
Yes, our DPO is our Chief Executive Officer, Adrian Byrne. The Data Protection Officer is also available to answer queries or deal with any concerns about data protection. You can contact the Data Protection Office by e-mail at success@bluezonemanager.com and by telephone at 028 3044 2444.
There are 6 principles within the GDPR framework. These are:
We will process any personal data we collect in a fair, lawful and transparent manner; and in accordance with individuals’ rights.
As a Client of Bluezone Technologies we will only process the personal data you enter into the system in accordance with the Terms and Conditions.
We will only collect personal data for specified, explicit and legitimate purposes. Data we collect will not be used for any purposes other than those you as the data subject(s) have been made aware of.
As a Client of Bluezone Technologies we will only process personal data you enter into the system for the purpose of providing you our service and in accordance with the Terms and Conditions.
We will only collect personal data that is needed, adequate and relevant for the specific purpose.
As a Client of Bluezone Technologies you are responsible for ensuring that the data you hold about your employees, contractors or other data subjects is limited to what is needed, adequate and relevant for the specific purpose.
To the best of our ability we will ensure that any personal data we collect is accurate, kept up to date and correct.
As a Client of Bluezone Technologies you are responsible for ensuring that the data entered into the system about your employees, contractors or other data subjects is accurate and kept up to date. Our system is designed to maintain a high level of integrity, meaning that your data will remain as entered and unchanged.
We will only keep personal data we collect for as long as it is needed. In addition, you have the right to request erasure of your individual data.
As a Client of Bluezone Technologies you are responsible for ensuring that personal data entered into your system is removed when no longer needed. If you choose to close your account we will securely delete all personal data held in the system on your behalf.
We will process all personal data we collect in a manner that protects it against unwanted modification, disclosure or unlawful processing.
We take a risk based approach to ensure that our system has the appropriate technical and organisational controls to safeguard the integrity and confidentiality of all personal data.
Yes, we perform periodic risk assessments, which include a full assessment of what data we hold, where this information is located, the risks involved with processing this information and the controls necessary to address the associated risks.
Under the GDPR, Bluezone Technologies is required to report data breaches to the ICO within 72 hours. As part of our information security incident management procedure, appropriate communications will be made, including notifications to all affected parties.
Bluezone Technologies act as a Data Processor on behalf of its Clients so we are not able to process SARs on your behalf. If we receive a SAR from one of your employees, contractors or data subjects we will forward the request to you.
Bluezone Technologies act as a Data Processor on behalf of its Clients so we are not able to process data portability requests on your behalf. We provide you with tools inside Bluezone Technologies to extract information in commonly used file formats.
As part of our information security management system, we have implemented system development principles to ensure that whenever we develop or introduce new systems, privacy and security requirements are considered at every stage.
We use The Internet Business Ltd, t/a Tibus to store our databases and production environment and these are located in Ireland. These services are supported by our disaster recovery site in the UK. This means we never store your data, or indeed any of our backups, outside the EU. We will review our data storage in line with Brexit developments.