We recognise that you too will be going through your GDPR implementation process and will have questions for data processors like ourselves.
In that regard, we’d encourage you to read about how we safeguard your data in our Data Security and Privacy articles. These documents already cover the majority of GDPR related questions, but if you have any more questions, please raise them through your help centre.
Almost certainly. Any company that stores or processes personally identifiable information for EU residents will be responsible for complying with the new regulations, even if that company is not based in the EU.
Most definitely, Yes.
Elite is currently in the process of completing our own GDPR compliance and this will be completed before the GDPR deadline. This will mean that you will be compliant when using Elite as a data processor for your own GDPR compliance. That said we cannot account for your own internal processes and policies which could impact your compliance with the law. You can have faith that all that Elite are responsible for will adhere to the law.
Yes. PII data is considered any information you store which can uniquely identify an individual either directly or indirectly. Elite stores various pieces of user information would be counted as PII data. Pseudonymisation occurs where possible to further protect your personal information.
Elite Limited stores various pieces of user information would be counted as PII data including, but not limited to:
Yes. Elite Limited uses third-party applications to help monitor our infrastructure, track services and ensure we maintain good performance, availability, and usability for our customers. Some of these third-party services are hosted outside of the EU. All of our third parties are hosted in countries which obey strict and lawful standards of security. Such as EU-U.S. and Swiss-U.S. Privacy Shield Notice. All efforts have been made to move personal data into the EU/EEC.
We process personal information to enable us to provide services to you, the customer. Only when necessary is this shared with 3rd parties (Communication and Service Records).
Passwords are only stored as an MD5 hash with no plain text storage. All other information is stored to ISO27001 standards (Accreditation Pending)
For our customers, indefinitely, although if a customer leaves and requests “to be forgotten” information will be deleted where possible and Pseudonymisation will be applied where unable.
At present there is no specific agreement, our current aim is to include the required terms (as specified in Article 28 of the GDPR Act) into our standard terms and conditions.
In part. Data is transferred to Elite Limited using HTTPS. Passwords are stored in a Hashed form. Databases are not stored encrypted due to the overhead impact and this would affect our ability to provide our customers with a quick and affordable service. DB encryption can be requested by individual customers. Any extracts of customer data in the form of reports and other mobile formats are encrypted outside of our secure infrastructure.