GDPR Compliance

Last Updated: August 2022

Data Protection and GDPR

Introduction

OmniSuite is committed to protecting the privacy of our users and their customers. We remain up to date with developments in data protection laws to ensure you can confidently and safely use our platform. This page explains the applicable rules, how they relate to your use of the OmniSuite platform, and the steps we have taken to comply with them. You should review this document alongside our Privacy Policy and consult a specialist legal professional if you require more information or advice.

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679, more commonly known as the General Data Protection Regulation (GDPR), is an EU regulation aimed at harmonizing data protection and privacy laws across the EU. The GDPR provisions apply whenever the personal data of an EU data subject is involved.

The GDPR focuses on giving individuals more control over how their data is used by companies and making the collection and processing of data more transparent.

The GDPR was incorporated directly into UK law following the Brexit transition period. As a result, UK businesses still must comply with its provisions under the ‘UK GDPR.’

Basic GDPR Concepts

Controller and Processor

The GDPR imposes various obligations depending on whether an entity is a controller or a processor of personal data.

Controller: An entity that decides to process personal data, including determining the basis and methods of processing. Controllers are responsible for ensuring legal compliance when collecting personal data.Processor: An entity that processes data on behalf of a controller without independent decision-making authority. Processors must comply with the controller’s instructions. When you use OmniSuite, you are a controller You control the data uploaded to OmniSuite, including its purpose and retention period. As such, you are responsible for ensuring a lawful basis for data processing and retaining the data only as long as necessary. OmniSuite acts as a processor. We store and manage data under your instructions through our platform. We do not use personal data for our own purposes or without your direction.

Legal Basis for Processing

Personal data may only be collected and processed if there is a legal basis for doing so, as outlined in the GDPR.

As a processor, OmniSuite relies on customers to determine the appropriate legal basis for collecting and processing personal data. Before using our service, you should identify the applicable legal basis and collect data only as necessary for that purpose. Avoid changing the legal basis for data processing unless absolutely necessary.

Data Subject Access Rights

Under the GDPR, data subjects (your customers) have rights concerning their personal data, including accessing, correcting, or deleting it.

OmniSuite has implemented systems to handle such requests effectively. We will promptly comply with your instructions and inform you if a data subject makes a request to us. You should familiarize yourself with your responsibilities, including managing personal data stored on systems outside OmniSuite.

Transfers of Data to the USA

Personal data may only be transferred outside the EEA under specific circumstances. OmniSuite utilizes Standard Contractual Clauses (SCCs) as part of our Data Processing Agreement with customers, ensuring lawful data transfers to the USA.

Data Security

We have implemented robust security measures to protect personal data, including:

Regular testing for vulnerabilities and bugs.

Comprehensive backup systems.

Data recovery and integrity processes to minimize data loss or corruption risks.

Steps to Ensure GDPR Compliance

We take our responsibilities as a processor seriously and have taken the following steps to maintain compliance:

Incorporating Standard Contractual Clauses into our data processing agreements to ensure lawful data transfers to the USA.Implementing systems to detect personal data breaches and promptly notify customers.Facilitating subject access and data erasure requests and informing customers of such requests.Documenting and assessing the personal data we process on your behalf.Regularly reviewing and enhancing security measures to address potential risks of data breaches.