General Data Protection Regulation (GDPR)

As of 25 May 2018, European data protection legislation will be updated for the first time in 20 years. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding their personal data and seeks to harmonise data protection laws across Europe, regardless of where that data is processed.

You can rest assured that TCF Software (The Covert Formula Ltd) is committed to GDPR compliance. We are also committed to helping our customers comply with the GDPR by providing stringent privacy and security protections that are built into our service and contracts.

Where Should You Start?

Now is the time for you to begin preparing for the GDPR and we are here to help. Here are some considerations:

1 - Firstly, familiarise yourself with the provisions of the GDPR, especially the changes that it will make to your current data protection obligations.

2 - Consider creating an updated inventory of personal data that you handle. TCF Software can help identify and classify your data.

3 - Review your current controls, policies, and processes to assess whether they meet the requirements of the GDPR.

4 - Monitor updated regulatory guidance as it becomes available.

5 - Consult a lawyer to obtain legal advice specifically applicable to your business circumstances.

Our Commitments To The GDPR

Alongside other duties, data controllers are required to only use data processors that provide adequate guarantees as to appropriate technical and organisational measures so that data processing will meet the requirements of the GDPR. Here are some aspects you may want to consider when conducting your assessment of TCF Software:

EXPERT KNOWLEDGE

TCF Software employs and works with security and privacy professionals to maintain its systems, develop security review processes, build security infrastructure, and implement security policies. Its teams engage with customers, industry stakeholders, and supervisory authorities to shape its services in a manner that helps customers meet their compliance needs.

OUR POLICIES

TCF Software’s data processing agreements clearly articulate its privacy commitments to customers. The terms have been amended over the years to reflect feedback from customers and regulators. We plan on specifically updating our terms to reflect the GDPR, and will make these updates available in advance of the GDPR coming into force to facilitate our customers' compliance assessment and GDPR readiness when using TCF Software's services. The updated terms will take effect from 25 May 2018, when the GDPR comes into force.

FUNCTIONALITY

We have verified that our hosting facilities have all of the necessary functionality for compliance with the GDPR – not least because they are based in the United Kingdom. In addition, the method we use for deletion and retention of data is acceptable under the GDPR. This verifies to our customers they are using software that is going to keep them compliant when 25 May 2018 comes around.

DATA PROCESSING

We promise to maintain a high level of security, and will ensure timely breach reporting to meet all GDPR expectations. To reflect this, we utilise a number of security features through our hosting partners. Our security practices also include breach detection and timely notification and then recovery. We've purchased this protection on behalf of all of our customers. It's incumbent upon each data controller to ensure that its data processors have the right infrastructure in place to process personal data.

PROCESSING ACCORDING TO INSTRUCTIONS

Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions.

EMPLOYEE CONFIDENTIALITY

All of TCF Software's employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy training.

DATA RETURN & DELETION

Where your app’s features do not include automatic deletion of data, TCF Software's helpdesk will delete and/or export (return) data at any time during the term of our service agreement.