UK GDPR
Your data and security are important to us. So in line with the UK General Data Protection Regulation (GDPR) our Privacy Policy that covers how we collect, disclose, use, transfer and store your information.
The EU GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018.
The key principles, rights and obligations remain the same.
The UK GDPR applies to:
- UK-based business or organisation; and the UK GDPR currently applies to your processing of personal data.
Any details of customers, employees, suppliers and contacts are stored on a secure encrypted server and will only ever be used fairly, kept secure and not be unlawfully disclosed to any other person.
The information retained includes ID / user name, first name and surname, company name, company address, mobile / office / home number / email address, order details, personal preferences and templates provided.
Personal data will be only obtained for specific, explicit and legitimate purposes and the processing of personal data will be fair and lawful. We never sell data. We need to know your basic data in order to create your account, get in touch with you about an enquiry or to provide you with your requested service. We will not collect any personal data from you we do not need in order to provide and oversee our service to you. We respect your rights and privacy and do not send out email marketing communications or make telesales calls to any of our clients.
All the personal data we hold is processed within the European Union. There will be appropriate measures in place to protect the personal data from unauthorised or unlawful processing.
For security and to ensure confidentiality we have a secure encrypted upload facility whereby recordings are uploaded directly from your computer to our secure online portal which can be accessed via the “File Upload” facility on our website.
We have two options of how we return the transcripts to our clients, one of which is encrypted end to end which means that you go onto the server and download the transcript and the other one isn’t as it attaches a copy of the transcript via email to the client without having to sign in. We are able to select which type of return is required by default on your master file to ensure you go to the server and download the transcript which is encrypted end to end if requested.
All sound files and transcripts are automatically deleted off the system after a period of 60 days. We therefore would not have any information to provide after a period of sixty days nor are we able to obtain copies of transcripts at a later date since we do not retain them. We do not retain any client information apart from the contact details, master file settings and preferences and a copy of the invoices as we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
To prevent data loss we have a raid disk system in place which means everything held on the server is on two different disks, so if the first one collapses then it seamlessly goes onto the other disk working in parallel with it.
Should any data breach occur, we will inform the client immediately in order to take any preventative measures and minimise loss and/or exposure.
Should we have any requests from third parties regarding any freedom of information requests we will contact yourselves to discuss this as all the information we have is treated as being confidential.
If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated: office@xstyping.com