Whitehall Systems Limited – General Data Protection Regulation Policy
The GDPR was introduced to supersede the Data Protection Act introduced in 1984 and to lay down guidelines for protecting the data you hold on EU citizens.
It is to take effect on 25th May 2018.
Any company found not to comply with the new GDPR can potentially be fined €20 million or 4% of its annual turnover, whichever is the greater.
Steps Whitehall Systems have taken to be GDPR Compliant
Store data in an organised fashion
The customer data we hold is stored on a CRM database called HubSpot.
Each customer data record can be exported and sent to the customer if they request to view it.
Data in HubSpot can be exported to an Excel file to be sent to the relevant authority.
Make sure data is safely secured
HubSpot are GDPR compliant and regularly back up their data.
Where is HubSpot’s product infrastructure hosted?
HubSpot’s product infrastructure is hosted on Amazon Web Services (AWS) in the United States East region. HubSpot leverages the Google Cloud Platform (GCP) in the EU (Frankfurt, Germany region) to support the processing of local customer data that is critical to our customers' businesses. This includes leads, email events, and analytics.
By hosting these services in both AWS in the US and GCP in Germany, HubSpot has increased the performance and reliability of those services by locating them closer to end users in the EU.
Does HubSpot transfer all customer data to the United States?
Yes. Customer data is processed and secured in the EU before being transmitted and stored in the US. The cloud infrastructure hosted on GCP provides additional redundancy for all HubSpot customers for critical components of our system. A number of HubSpot services are routed through the GCP EU data center before being securely transferred to the US and securely stored in AWS.
Does the GDPR require personal data be stored in the EU?
No. There is no obligation under the GDPR for data to be stored in the EU and the rules regarding transfer of personal data outside the EU remain largely unchanged. The GDPR permits transfers of personal data outside of the EU subject to certain conditions.
What does HubSpot do to ensure lawful data transfers from the EU?
The EU-U.S. Privacy Shield continues to be one valid way to ensure adequate safeguards are in place for personal data transfer from the EU to the U.S. The EU model clauses also remain a valid mechanism to lawfully transfer personal data.
HubSpot offers a Data Processing Agreement that incorporates the model clauses to our EU/EEA customers. We are also Privacy Shield certified.
Can I restrict where my HubSpot data is stored to a particular geographic region?
No. The core HubSpot products are currently hosted in U.S.-based data centers. Public content is globally distributed through HubSpot's content delivery network in order to ensure a positive user experience and address potential distributed denial of service attacks and similar threats. It is not possible to modify this architecture on a per-account basis.
HubSpot has a robust privacy program that is designed to align with many regions’ data hosting needs. HubSpot's service is Privacy Shield certified and HubSpot offers a Data Processing Agreement for EU-based customers. These guarantees are structured to assure the appropriate groups that HubSpot’s data-handling processes meet rigorous policy requirements.
HubSpot also replicates and backs up data in multiple storage areas. Information is replicated across infrastructure locations and availability zones to provide fault tolerance, scalability and responsive recovery as required. Customer information and sensitive data is always backed up in the most secure manner available.
Data is accessed via a login and password and is not stored on any devices, so there is no need to perform remote wipes.
All our devices, such as laptops and mobile phones, are protected by anti-virus software.
We don’t keep hard copies of data.
HubSpot is extremely secure. We have a robust security program that consists of numerous protections such as the encryption of data, a web application firewall, and the ability to regulate user permissions in granular detail, all of which are supported by HubSpot's Technical Operations and Security teams. Any potential threats are escalated and managed by these teams through an automated alert system.
Don’t keep data unnecessarily
We keep records of customer details for Marketing purposes and to keep a history of work done with or for the customer.
Have you got a fair processing policy?
Have a process for providing the information you have on a person
We can supply the information requested to the individual by exporting the HubSpot data to an Excel file and then sharing it, e.g. by email.
Have a process for deleting data when requested
Data on a customer can be easily deleted within HubSpot simply by deleting the customer record.
Have a way people can opt-in to allow you to use their data for Marketing purposes
Click this button to approve or tick here to …
Try a layered opt-in form
There is a subscribe form on our website.
Make it easy to opt-out
At the bottom of each email sent out from HubSpot to our clients is a message saying “Prefer fewer emails from me?” with a link they can click to unsubscribe.
When someone opts out, HubSpot automatically flags it to let us know, so that no further emails of the kind they have opted out of are sent.
Tell your team about GDPR
We have all been fully briefed and trained on what to do should an issue arise or a request be received.
Appointed Data Protection Officer
Mr Chandu Parmar – Managing Director