What is GDPR?
The EU General Data Protection Regulation (“GDPR”) is European legislation that has been designed to try and harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the EU approach data privacy.
The GDPR comes into force on 25 May 2018 and introduces an enhanced EU-wide data protection regime that will have a direct effect on member states and any companies established outside the EU who wish to trade with and within the EU.
Who is this Statement for?
This Statement is intended to provide information relating to the steps that VoiceHost is taking to ensure compliance with the GDPR.
What is VoiceHost doing?
VoiceHost has been investigating our own systems, procedures, working practices and policies to ensure that internally we meet the requirements expected under GDPR. We have mapped data and information flows in order to assess their privacy risks.
VoiceHost is currently undergoing ISO27001 compliance audits so work is running in parallel.
The key sound bites to understand are that VoiceHost can be both the Data Controller and the Data Processor as defined below but in the context of our customers, we are considered the Data Processor.
Data Controller – where VoiceHost is the organisation responsible for determining the purposes and means of the processing of personal data; and/or
Data Processor – where VoiceHost processes personal data on behalf of our customers
Do you have a DPO and how if so, how do I contact them?
Yes we have a DPO and their details can be found here:https://www.voicehost.co.uk/privacy-policy
How do you use and store customer data?
Details in our privacy policy which can be found here: https://www.voicehost.co.uk/privacy-policy
Where is my personally identifiable data stored and how secure is it?
Your data is stored in TIA-942 Tier 3, UK data centers operating to ISO27001, ISO9001 and PCI-DSS located in London and Manchester. All data is encrypted at rest.